summaryrefslogtreecommitdiff
path: root/etc/rpki
diff options
context:
space:
mode:
authorJob Snijders <job@cvs.openbsd.org>2023-12-26 13:36:19 +0000
committerJob Snijders <job@cvs.openbsd.org>2023-12-26 13:36:19 +0000
commit2d86891e82872905e14bbbc4100fd62735e8fdb0 (patch)
tree40841f8376c1b8b4443eb9b039d84d0d8222c3a2 /etc/rpki
parent0c095b55725825f45372667a20fb23c15af43f3e (diff)
Align the other RIRs with the recent clarifications from AFRINIC
Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files (since no resources can be transferred from AFRINIC to any other RIRs). OK tb@
Diffstat (limited to 'etc/rpki')
-rw-r--r--etc/rpki/apnic.constraints67
-rw-r--r--etc/rpki/arin.constraints67
-rw-r--r--etc/rpki/lacnic.constraints67
-rw-r--r--etc/rpki/ripe.constraints67
4 files changed, 148 insertions, 120 deletions
diff --git a/etc/rpki/apnic.constraints b/etc/rpki/apnic.constraints
index 357e4d45a3e..276409ade69 100644
--- a/etc/rpki/apnic.constraints
+++ b/etc/rpki/apnic.constraints
@@ -1,4 +1,4 @@
-# $OpenBSD: apnic.constraints,v 1.3 2023/12/19 08:10:19 job Exp $
+# $OpenBSD: apnic.constraints,v 1.4 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:200::/23
@@ -21,36 +21,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
diff --git a/etc/rpki/arin.constraints b/etc/rpki/arin.constraints
index 53d20e7dd69..4eb58fd0ca3 100644
--- a/etc/rpki/arin.constraints
+++ b/etc/rpki/arin.constraints
@@ -1,4 +1,4 @@
-# $OpenBSD: arin.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
+# $OpenBSD: arin.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:400::/23
@@ -17,36 +17,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
diff --git a/etc/rpki/lacnic.constraints b/etc/rpki/lacnic.constraints
index 68fc2c94ed8..8c27213895f 100644
--- a/etc/rpki/lacnic.constraints
+++ b/etc/rpki/lacnic.constraints
@@ -1,4 +1,4 @@
-# $OpenBSD: lacnic.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
+# $OpenBSD: lacnic.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:1200::/23
@@ -12,36 +12,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
diff --git a/etc/rpki/ripe.constraints b/etc/rpki/ripe.constraints
index c3357545ea9..ae63ba1903b 100644
--- a/etc/rpki/ripe.constraints
+++ b/etc/rpki/ripe.constraints
@@ -1,4 +1,4 @@
-# $OpenBSD: ripe.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
+# $OpenBSD: ripe.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:600::/23
@@ -24,36 +24,43 @@ deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703