On 2009-01-22, Steve Laurie <st...@foo-unix.org> wrote: > Hi all, > > I was wondering if someone could tell me why there's a need to write > a rule to block addresses that come under the private address space if > these addresses aren't routable over the Internet?
They don't usually appear in full internet routing tables, but that's not always the case, sometimes they do show up. And even if you can't send packets _to_ them, they can still be used as a source address on malicious packets, a lot of providers don't do BCP38 ingress filtering.
