From owner-freebsd-security Tue Jan 25 4:48:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 3E8BE14E5A for ; Tue, 25 Jan 2000 04:48:26 -0800 (PST) (envelope-from mike@sentex.net) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id HAA31051; Tue, 25 Jan 2000 07:48:25 -0500 (EST) (envelope-from mike@sentex.net) Received: from chimp (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with ESMTP id HAA25321; Tue, 25 Jan 2000 07:48:24 -0500 (EST) Message-Id: <4.2.2.20000125074438.00ade400@mail.sentex.net> X-Sender: mdtancsa@mail.sentex.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Tue, 25 Jan 2000 07:46:57 -0500 To: "Rodney W. Grimes" From: Mike Tancsa Subject: Re: more complete ipfw rules Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <200001250926.BAA70323@gndrsh.dnsmgr.net> References: <4.1.20000124201245.00962220@mail.thegrid.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 01:26 AM 1/25/2000 -0800, Rodney W. Grimes wrote: >... > > > I have this commented-out line in my ruleset. > > #$fwcmd add 550 deny log ip from 169.254.0.0/16 to any in via ${out_if} > > Don't quite remember what it's for. I hope it's not another wasted class > > B. Can anyone enlighten me? > >It is another wasted class B, it is not in any global bgp4 view I can >find, and disallowed as either src or dst on many a border router. If you are going to filter this space, be sure to watch what ARIN does, as 64.0.0.0/8 used to be a candidate for filters as well, but is now being allocated by them. ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message