nanog mailing list archives
Re: Updated prefix filtering
From: Frederik Kriewitz <frederik () kriewitz eu>
Date: Sun, 10 May 2015 18:55:07 +0200
Hello Dave, On Sun, May 10, 2015 at 1:49 AM, Dave Taht <dave.taht () gmail com> wrote:
I have had a piece long on the spike on how we implemented bcp38 for linux (openwrt) devices using the ipset facility. We had a different use case (preventing all possible internal rfc1918 network addresses from escaping, while still allowing punching through one layer of nat ), but the underlying ipset facility was easily extendible to actually do bcp38 and fast to use, so that is what we ended up calling the openwrt package. Please contact me offlist if you would like a peek at that piece, because the article had some structural problems and we never got around to finishing/publishing it, and I would like to.... has there been a bcp38 equivalent published for ipv6?
I don't see how this is related to the OPs problem. But there's the rpfilter iptables module which can be used for BCP38 IPv4 and IPv6 implementations on linux routers.
Current thread:
- Updated prefix filtering Chaim Rieger (May 08)
- Re: Updated prefix filtering Faisal Imtiaz (May 08)
- Re: Updated prefix filtering Frederik Kriewitz (May 09)
- Re: Updated prefix filtering Dave Taht (May 09)
- Re: Updated prefix filtering Frederik Kriewitz (May 10)
- Re: Updated prefix filtering Mark Andrews (May 10)
- Re: Updated prefix filtering Faisal Imtiaz (May 08)