[BACK]Return to netstart CVS log [TXT][DIR] Up to [local] / src / etc

Diff for /src/etc/netstart between version 1.97 and 1.98

version 1.97, 2004/05/29 07:01:03 version 1.98, 2004/10/20 21:17:34
Line 203 
Line 203 
         ip6kernel=YES          ip6kernel=YES
   
         # Disallow link-local unicast dest without outgoing scope identifiers.          # Disallow link-local unicast dest without outgoing scope identifiers.
         route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null          route -qn add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null
   
         # Disallow site-local unicast dest without outgoing scope identifiers.          # Disallow site-local unicast dest without outgoing scope identifiers.
         # If you configure site-locals without scope id (it is permissible          # If you configure site-locals without scope id (it is permissible
         # config for routers that are not on scope boundary), you may want          # config for routers that are not on scope boundary), you may want
         # to comment the line out.          # to comment the line out.
         route -q add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null          route -qn add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null
   
         # Disallow "internal" addresses to appear on the wire.          # Disallow "internal" addresses to appear on the wire.
         route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null          route -qn add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null
   
         # Disallow packets to malicious IPv4 compatible prefix.          # Disallow packets to malicious IPv4 compatible prefix.
         route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null          route -qn add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null
         route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null          route -qn add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
         route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null          route -qn add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
         route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null          route -qn add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
   
         # Disallow packets to malicious 6to4 prefix.          # Disallow packets to malicious 6to4 prefix.
         route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null          route -qn add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null
         route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null          route -qn add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null
         route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null          route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null
         route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null          route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null
   
         # Completely disallow packets to IPv4 compatible prefix.          # Completely disallow packets to IPv4 compatible prefix.
         # This may conflict with RFC1933 under following circumstances:          # This may conflict with RFC1933 under following circumstances:
Line 239 
Line 239 
         #     asked to forward it.          #     asked to forward it.
         # Due to rare use of IPv4 compatible addresses, and security issues          # Due to rare use of IPv4 compatible addresses, and security issues
         # with it, we disable it by default.          # with it, we disable it by default.
         route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null          route -qn add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null
   
         rtsolif=""          rtsolif=""
 else  else
Legend:
Removed from v.1.97  
changed lines
  Added in v.1.98