Building the Network You Need with OpenBSD's PF: BSDCan, Ottawa, May 9th 2012
PrevNext

Handling Non-Routable Addresses From Elsewhere

Bar officially unroutable (RFC1918 et al) traffic

martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
              10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
              0.0.0.0/8, 240.0.0.0/4 }"

block drop in quick on $ext_if from $martians
block drop out quick on $ext_if to $martians

NOTE: could usefully be rewritten as a table