diff options
author | Jason McIntyre <jmc@cvs.openbsd.org> | 2017-03-20 23:52:06 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2017-03-20 23:52:06 +0000 |
commit | a2c2500c2f25594898f767edbeed4086262d1a4e (patch) | |
tree | 9cc4425876c14d736fcbb7266ca6eb1ea19620d8 /share/man | |
parent | 52fbaf992bf3447d39006e31f9b308734891cc42 (diff) |
some notes from bluhm about setting a reject route;
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/man4/inet6.4 | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4 index 44593e24a77..c9bac07e4f7 100644 --- a/share/man/man4/inet6.4 +++ b/share/man/man4/inet6.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: inet6.4,v 1.34 2015/09/10 17:55:21 schwarze Exp $ +.\" $OpenBSD: inet6.4,v 1.35 2017/03/20 23:52:05 jmc Exp $ .\" $KAME: inet6.4,v 1.19 2000/11/24 10:13:18 itojun Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2015 $ +.Dd $Mdocdate: March 20 2017 $ .Dt INET6 4 .Os .Sh NAME @@ -117,6 +117,14 @@ and does not support IPv4 mapped addresses, where IPv4 traffic is seen as if it comes from an IPv6 address like .Li ::ffff:10.1.1.1 . Where both IPv4 and IPv6 traffic need to be accepted, listen on two sockets. +.Pp +It is also advisable to explicitly reject all packets to your network +not used by any of your interface prefixes. +Otherwise packets that have a destination address belonging to your network +may be routed back to your provider via the default route. +Set a reject route for your assigned prefix: +.Pp +.Dl # route -add net 2001:db8::/48 ::1 -reject .Sh ADDRESSING IPv6 addresses are 16 byte quantities, stored in network standard byteorder. The include file |