On Tue, 2015-06-16 at 17:05 +0200, Steven Barth wrote:
> You should see an unreachable route for your own local ULA /48.

Indeed:

fd31:aeb1:48df::/64 dev br-lan proto static metric 1024
unreachable fd31:aeb1:48df::/48 dev lo proto static metric 2147483647 error -128

> Also if your clients try to use your local ULA as source to reach
> anything outside of the ULA (e.g. global addresses) this is blocked
> (there is no matching route - simpler explanation to my previous post).

Hrm. How is that done, since that is source-route matching? Not via the normal routing table, right?

> I don't see any particular point to blocking all of the ULA-space as
> destination though.

The point is to give an immediate failure (i.e. ENETUNREACH) to misguided attempts to connect to the ULA space via one's Internet connection. These typically happen when somebody else misguidedly puts the ULA address for their host into their global DNS zone instead of the global address.

Yes, it should just time out eventually, but why make them wait for that?

> If you think it's useful for you

It seems to me to be useful to everybody. And TBH, I'm surprised it's not a requirement of some RFC, as I was unable to find any such requirement although I found recommendations.

Cheers,
b.
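Added example, not part of the original message and not OpenWrt code: a simplified destination-only route lookup (longest prefix first, then lowest metric) over the two routes quoted above, showing where a connection to somebody else's ULA goes with and without an unreachable route for all of fc00::/7. Assumptions: the default route via `wan0`, the fc00::/7 entry, the sample destination addresses, and ENETUNREACH as the reported error (the errno the message names); source-address matching is not modelled.

```python
import errno
import ipaddress

# (prefix, device, metric, errno or None). The first two entries are the
# routes shown in the message; the error value follows the message's wording.
LOCAL = [
    ("fd31:aeb1:48df::/64", "br-lan", 1024, None),
    ("fd31:aeb1:48df::/48", "lo", 2147483647, errno.ENETUNREACH),
]
# Constructed for this example: an upstream default route and the
# proposed unreachable route covering the whole ULA space.
DEFAULT = ("::/0", "wan0", 512, None)
ULA_BLOCK = ("fc00::/7", "lo", 2147483647, errno.ENETUNREACH)

WITHOUT_BLOCK = LOCAL + [DEFAULT]
WITH_BLOCK = LOCAL + [DEFAULT, ULA_BLOCK]


def lookup(table, dst):
    """Return (device, error) for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.IPv6Address(dst)
    best = None
    for prefix, dev, metric, err in table:
        net = ipaddress.IPv6Network(prefix)
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, dev, err)
    if best is None:
        # No route at all: the caller also gets an immediate failure.
        return (None, errno.ENETUNREACH)
    return (best[1], best[2])


def describe(table, dst):
    """Human-readable outcome of a lookup."""
    dev, err = lookup(table, dst)
    if err is not None:
        return f"{dst}: fails immediately ({errno.errorcode[err]})"
    return f"{dst}: forwarded via {dev}"


if __name__ == "__main__":
    # Constructed destinations: a LAN host, an unused subnet of the local
    # /48, a foreign ULA (e.g. leaked into global DNS), a global address.
    for dst in ("fd31:aeb1:48df::10", "fd31:aeb1:48df:1::10",
                "fd00:1234:5678::1", "2001:db8::1"):
        print("without fc00::/7 route |", describe(WITHOUT_BLOCK, dst))
        print("with fc00::/7 route    |", describe(WITH_BLOCK, dst))
```

Without the fc00::/7 entry, the foreign ULA destination matches only the default route and is sent upstream, where it can only time out; with it, the lookup fails at once while the local /64 and global destinations are unaffected.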