[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Exit node rejection of special IPv4 blocks



I'd like a sanity check on this list of special-purpose IPv4 blocks
which I'm currently forbidding in the CMU exit node's policy.  I'm
most uncertain about denying access to multicast (224.0.0.0/4) and
6to4 router anycast (192.88.99.0/24) -- I *think* there are no
scenarios where someone would actually need to get at either of those
via Tor, but I could be wrong.

# Reserved IPv4 addresses, sorted by RFC and then numerically
reject 255.255.255.255/32:*  # RFC 0919: "limited broadcast"
reject 224.0.0.0/4:*         # RFC 1112: multicast
reject 240.0.0.0/4:*         # RFC 1112: future addressing modes

reject 0.0.0.0/8:*           # RFC 1122: "This host" source address
reject 127.0.0.0/8:*         # RFC 1122: Loopback

reject 10.0.0.0/8:*          # RFC 1918: private use
reject 172.16.0.0/12:*       # "   "     "
reject 192.168.0.0/16:*      # "   "     "

reject 198.18.0.0/15:*       # RFC 2544: test environments
reject 192.88.99.0/24:*      # RFC 3068: 6to4 relay anycast (???)
reject 169.254.0.0/16:*      # RFC 3927: link-local

reject 192.0.2.0/24:*        # RFC 5737: documentation
reject 198.51.100.0/24:*     # "   "     "
reject 203.0.113.0/24:*      # "   "     "

reject 100.64.0.0/10:*       # RFC 6598: "shared space"/"carrier grade NAT"
reject 192.0.0.0/24:*        # RFC 6890: future special purposes

TIA,
zw
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays