From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com
	[IPv6:2607:f8b0:4001:c03::22d])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id A1EF521F151
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 16 Jun 2013 23:07:45 -0700 (PDT)
Received: by mail-ie0-f173.google.com with SMTP id k13so6022362iea.32
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 16 Jun 2013 23:07:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type
	:content-transfer-encoding;
	bh=oLZ3uv6XxRxNTUXVR5wZ3Goj8hfYPUJ7p/cDQoN9BaI=;
	b=uH4JBiKFkFUjsYGcPYIGYWtXmckGhaVWG4DzPlhI3JStB+WY1dT/qtUw1LWaUOcmsd
	8Ld75zNeodTw1OwuuwCTpXstQj5EH620HOOsdn/KB7cM/KrubSQU7Azc347K2cJz/iew
	nj7yRDH76cOYL2w9dEoBIudYd3J3+MGMWMtG8+MF/QJpmY3jC4vzP58ZjImpLUo+zc70
	/Mmk/V5dUNxlKDKTePc4HV8HMFKYeFIy80N0TKA34Hre9uPo8+bePKySbC6bwB++cS7q
	UHjh4hqGbMCNTqR/9yuVSu7uPgGZLGM9rBAWHTET86k9aA3IxapJRqqohj94Lp/RUA/W
	mZhQ==
MIME-Version: 1.0
X-Received: by 10.50.114.229 with SMTP id jj5mr3962386igb.36.1371449264811;
	Sun, 16 Jun 2013 23:07:44 -0700 (PDT)
Received: by 10.64.45.137 with HTTP; Sun, 16 Jun 2013 23:07:44 -0700 (PDT)
Date: Sun, 16 Jun 2013 23:07:44 -0700
Message-ID: <CAA93jw4S4JWpw+nRjRWsP-O69p+77K+Xg5cjNHt6t9+6H7U8Nw@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: cerowrt-devel@lists.bufferbloat.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: [Cerowrt-devel] bcp 38
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 06:07:46 -0000

I have had this in place for ages, hopefully blocking egress of local
networks outside the nat. It appears to work...

iptables -t mangle -I POSTROUTING -d
192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j DROP

but what I'd wanted was to actually send a reason for it, but putting
the reason in icmp...

iptables -t mangle -I POSTROUTING -d
192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j REJECT
--reject-with icmp-host-unreachable

but that doesn't, saying that I can't put it in the mangle table, and
there isn't a postrouting table in the filter table...

--=20
Dave T=E4ht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.=
html