[OpenWrt-Devel] firewall instead of routing rules to keep ULAs from escaping

Steven Barth cyrus at openwrt.org
Tue Jun 16 11:05:36 EDT 2015

You should see an unreachable route for your own local ULA /48.
Also if your clients try to use your local ULA as source to reach
anything outside of the ULA (e.g. global addresses) this is blocked
(there is no matching route - simpler explanation to my previous post).

I don't see any particular point to blocking all of the ULA-space as
destination though.

If you think its useful for you you can either add a firewall route or
an unreachable route manually in /etc/config/firewall or
/etc/config/network respectively.


openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list