Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r--etc/inc/filter.inc15
1 files changed, 13 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3395a94..82feef3 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1109,9 +1109,20 @@ EOD;
}
- $ipfrules .= <<<EOD
+ /* block bogon networks on WAN */
+ /* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */
+ /* XXX - pull from www.cymru.com at some point so we don't have to manually update */
+ if (isset($config['interfaces']['wan']['blockbogons'])) {
+ $ipfrules .= <<<EOD
+# block bogon networks
+# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
+table <bogons> persist file "/etc/bogons"
+block in $log quick on $wanif from <bogons> to any label "block bogon networks from wan"
+EOD;
+
+ $ipfrules .= <<<EOD
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on $wanif all keep state label "let out anything from firewall host itself"
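Review bot: The `if (isset($config['interfaces']['wan']['blockbogons'])) {` opened in this hunk is never closed: none of the added lines is a `}`, and the diffstat's 13 insertions are all accounted for by the visible `+` lines. As written, the file either fails to parse, so no ruleset is generated, or the following "let out anything from the firewall host itself" rules become conditional on the bogon option. Add a `}` on its own line right after the new `EOD;`. Separately, `table <bogons> persist file "/etc/bogons"` makes the whole ruleset depend on that file, and if it is absent the rule loader will presumably reject the ruleset. Extending the condition with `&& file_exists("/etc/bogons")` would keep a missing list from taking down the rest of the filter policy. The enclosing function starts and ends outside the hunk.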
@@ -1606,4 +1617,4 @@ function create_firewall_outgoing_rules_to_itself() {
return $rule;
}
-?> \ No newline at end of file
+?>