[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

blocking private address ranges

I see a lot of sample rulesets making a point to block RFC 1918 address ranges - but I have to ask, is it really feasible that packets with these source addresses would really reach anyone's interface? Unless the firewall is connected to a network addressed as such, doesn't simple routing by definition prevent such a possibility? Would these packets even feasibly be routed to the network you are trying to protect?


forbidden="{,,, \, }"
block in log quick on $ext_if from $forbidden to $homenet