Attachment 1311 Details for Bug 3379 – bogon_acl.conf

bogon_acl.conf

bogon_acl.conf (text/plain), 2.08 KB, created by Dave Hodgins on 2011-12-30 21:49:45 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Dave Hodgins

Created: 2011-12-30 21:49:45 CET

Size: 2.08 KB

patch

obsolete

>// 
>// NOTE: This list is changing all the time (naturally) and serves as an
>// example only. It is up to you to keep this list up-to-date. In Mandriva
>// Linux we allow the 192.168.0.0/16 network to do recursive lookups per
>// default. If you don't like this you need to change this now.
>//
>// http://qa.mandriva.com/en/show_bug.cgi?id=27981
>// 
>// The list was taken from http://www.cymru.com/Documents/secure-bind-template.html
>// Secure BIND Template Version 6.3 27 MAY 2008
>//
>// You should keep an eye on http://www.iana.org/assignments/ipv4-address-space in 
>// order to stay up to date.
>// 
>// NOTE: As of Fri Jul 31 2009 this file isn't used anymore and serves as an example
>// only. You should instead look at:
>// http://www.team-cymru.org/Services/Bogons/
>//
>// $Id: bogon_acl.conf 405097 2009-07-31 12:51:25Z oden $
>// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/bogon_acl.conf $
>
>acl "bogon" {
>    // Filter out the bogon networks.  These are networks
>    // listed by IANA as test, RFC1918, Multicast, experi-
>    // mental, etc.  If you see DNS queries or updates with
>    // a source address within these networks, this is likely
>    // of malicious origin. CAUTION: If you are using RFC1918
>    // netblocks on your network, remove those netblocks from
>    // this list of blackhole ACLs!
>    0.0.0.0/8;
>    1.0.0.0/8;
>    2.0.0.0/8;
>    5.0.0.0/8;
>    10.0.0.0/8;
>    14.0.0.0/8;
>    23.0.0.0/8;
>    27.0.0.0/8;
>    31.0.0.0/8;
>    36.0.0.0/8;
>    37.0.0.0/8;
>    39.0.0.0/8;
>    42.0.0.0/8;
>    46.0.0.0/8;
>    49.0.0.0/8;
>    50.0.0.0/8;
>    100.0.0.0/8;
>    101.0.0.0/8;
>    102.0.0.0/8;
>    103.0.0.0/8;
>    104.0.0.0/8;
>    105.0.0.0/8;
>    106.0.0.0/8;
>    107.0.0.0/8;
>    108.0.0.0/8;
>    109.0.0.0/8;
>    110.0.0.0/8;
>    111.0.0.0/8;
>    169.254.0.0/16;
>    172.16.0.0/12;
>    175.0.0.0/8;
>    176.0.0.0/8;
>    177.0.0.0/8;
>    178.0.0.0/8;
>    179.0.0.0/8;
>    180.0.0.0/8;
>    181.0.0.0/8;
>    182.0.0.0/8;
>    183.0.0.0/8;
>    184.0.0.0/8;
>    185.0.0.0/8;
>    192.0.2.0/24;
>//    192.168.0.0/16;
>    197.0.0.0/8;
>    198.18.0.0/15;
>    223.0.0.0/8;
>    224.0.0.0/3;
>};

// 
// NOTE: This list is changing all the time (naturally) and serves as an
// example only. It is up to you to keep this list up-to-date. In Mandriva
// Linux we allow the 192.168.0.0/16 network to do recursive lookups per
// default. If you don't like this you need to change this now.
//
// http://qa.mandriva.com/en/show_bug.cgi?id=27981
// 
// The list was taken from http://www.cymru.com/Documents/secure-bind-template.html
// Secure BIND Template Version 6.3 27 MAY 2008
//
// You should keep an eye on http://www.iana.org/assignments/ipv4-address-space in 
// order to stay up to date.
// 
// NOTE: As of Fri Jul 31 2009 this file isn't used anymore and serves as an example
// only. You should instead look at:
// http://www.team-cymru.org/Services/Bogons/
//
// $Id: bogon_acl.conf 405097 2009-07-31 12:51:25Z oden $
// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/bogon_acl.conf $

acl "bogon" {
    // Filter out the bogon networks.  These are networks
    // listed by IANA as test, RFC1918, Multicast, experi-
    // mental, etc.  If you see DNS queries or updates with
    // a source address within these networks, this is likely
    // of malicious origin. CAUTION: If you are using RFC1918
    // netblocks on your network, remove those netblocks from
    // this list of blackhole ACLs!
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    5.0.0.0/8;
    10.0.0.0/8;
    14.0.0.0/8;
    23.0.0.0/8;
    27.0.0.0/8;
    31.0.0.0/8;
    36.0.0.0/8;
    37.0.0.0/8;
    39.0.0.0/8;
    42.0.0.0/8;
    46.0.0.0/8;
    49.0.0.0/8;
    50.0.0.0/8;
    100.0.0.0/8;
    101.0.0.0/8;
    102.0.0.0/8;
    103.0.0.0/8;
    104.0.0.0/8;
    105.0.0.0/8;
    106.0.0.0/8;
    107.0.0.0/8;
    108.0.0.0/8;
    109.0.0.0/8;
    110.0.0.0/8;
    111.0.0.0/8;
    169.254.0.0/16;
    172.16.0.0/12;
    175.0.0.0/8;
    176.0.0.0/8;
    177.0.0.0/8;
    178.0.0.0/8;
    179.0.0.0/8;
    180.0.0.0/8;
    181.0.0.0/8;
    182.0.0.0/8;
    183.0.0.0/8;
    184.0.0.0/8;
    185.0.0.0/8;
    192.0.2.0/24;
//    192.168.0.0/16;
    197.0.0.0/8;
    198.18.0.0/15;
    223.0.0.0/8;
    224.0.0.0/3;
};

Actions: View

Attachments on bug 3379: 1308 | 1309 | 1310 | 1311 | 1312