[OpenWrt-Devel] firewall instead of routing rules to keep ULAs from escaping
Steven Barth
cyrus at openwrt.org
Tue Jun 16 12:56:34 EDT 2015

Source-Destination matching is done in the regular routing table.
E.g. for my he.net connection the v6 routing table looks like this:

    default from 2001:470:xx:yyy::/64 dev 6in4-henet proto static metric 1024
    default from 2001:470:zzzz::/48 dev 6in4-henet proto static metric 1024

If you try to send with a ULA there is no matching route since there is
no unspecific default route.

Also I disagree about the general usefulness of a fc00::/7 block. I can
imagine e.g. a VPN-scenario where (on top of tunneling internet access)
you access certain local services which have ULAs. This would
essentially be broken by your generic rule for not much added gain.
Cheers,
Steven
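
The lookup described in the message above, as an added example that is not part of the original post or of OpenWrt's code: a simplified model of source-destination route selection showing a ULA-sourced packet finding no default route. The prefixes (documentation and ULA ranges), the `br-lan` on-link route, and the helper names `route`, `lookup` and `egress` are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    dst: ipaddress.IPv6Network
    src: ipaddress.IPv6Network  # ::/0 means "any source" (an unspecific route)
    dev: str


def route(dst: str, src: str, dev: str) -> Route:
    return Route(ipaddress.ip_network(dst), ipaddress.ip_network(src), dev)


def lookup(table, src: str, dst: str) -> Optional[Route]:
    """Simplified source-destination lookup: a route matches only if BOTH the
    destination and the source fall inside its prefixes. Among matches, prefer
    the longest destination prefix, then the longest source prefix."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [r for r in table if d in r.dst and s in r.src]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.dst.prefixlen, r.src.prefixlen))


# Constructed table modelled on the one in the message: two source-specific
# defaults via the tunnel, plus an assumed on-link route for the local ULA.
TABLE = [
    route("::/0", "2001:db8:aa:bb::/64", "6in4-henet"),
    route("::/0", "2001:db8:cc00::/48", "6in4-henet"),
    route("fd12:3456:789a::/48", "::/0", "br-lan"),
]


def egress(src: str, dst: str, table=TABLE) -> str:
    r = lookup(table, src, dst)
    return r.dev if r else "unreachable"


if __name__ == "__main__":
    remote = "2001:db8:ffff::1"  # constructed off-site destination
    print("global src ->", egress("2001:db8:aa:bb::10", remote))
    print("ULA src    ->", egress("fd12:3456:789a::10", remote))
    print("ULA local  ->", egress("fd12:3456:789a::10", "fd12:3456:789a::1"))
    # Contrast: an unspecific default (from ::/0) would let the ULA source out.
    leaky = TABLE + [route("::/0", "::/0", "6in4-henet")]
    print("ULA src, unspecific default ->",
          egress("fd12:3456:789a::10", remote, leaky))
```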