diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2006-11-15 06:28:34 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2006-11-15 06:28:34 +0000 |
| commit | ae77e2e2ad4a32ab6603e77a1d3d03b921a1549d (patch) | |
| tree | 5ecf1707add46b7dd52e081e823d01022e818e80 | |
| parent | b7181866f126780f311cd1fa092399760a9eeeeb (diff) | |
reject multicast packet without scope identifier specified.
| -rw-r--r-- | etc/netstart | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/netstart b/etc/netstart index c9487f36ec9..9823cffcb49 100644 --- a/etc/netstart +++ b/etc/netstart @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: netstart,v 1.114 2006/06/29 17:23:28 todd Exp $ +# $OpenBSD: netstart,v 1.115 2006/11/15 06:28:33 itojun Exp $ # Strip comments (and leading/trailing whitespace if IFS is set) # from a file and spew to stdout @@ -261,6 +261,10 @@ if ifconfig lo0 inet6 >/dev/null 2>&1; then route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null + # Disallow packets without scope identifier. + route -qn add -inet6 ff01:: -prefixlen 16 ::1 -reject > /dev/null + route -qn add -inet6 ff02:: -prefixlen 16 ::1 -reject > /dev/null + # Completely disallow packets to IPv4 compatible prefix. # This may conflict with RFC1933 under following circumstances: # (1) An IPv6-only KAME node tries to originate packets to IPv4 |