[OpenWrt-Devel] firewall instead of routing rules to keep ULAs from escaping

Steven Barth cyrus at openwrt.org
Tue Jun 16 11:05:36 EDT 2015


You should see an unreachable route for your own local ULA /48.
Also if your clients try to use your local ULA as source to reach
anything outside of the ULA (e.g. global addresses) this is blocked
(there is no matching route - simpler explanation to my previous post).

I don't see any particular point to blocking all of the ULA-space as
destination though.

If you think its useful for you you can either add a firewall route or
an unreachable route manually in /etc/config/firewall or
/etc/config/network respectively.



Cheers,

Steven
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list