Merge branch 'fix-rules' of dn42/registry into master

2025-05-09 14:15:23 +08:00 · 2019-06-03 18:02:50 +00:00 · 2019-06-03 18:02:50 +00:00 · dda0f1e43a
commit dda0f1e43a
parent 4f7678885d 95e8d3f121
2 changed files with 19 additions and 13 deletions
--- a/data/filter.txt
+++ b/data/filter.txt
@ -10,20 +10,23 @@
 #            /^[0-9]/ && $2 ~ /permit/ {printf "     %s{%s,%s},\n", $3, $4, $5};' | \
 #       sed "$ s/,$/\n  ];\n}/"

+# The rules MUST be sorted by the number column first and then the first matching rule MUST be used.
+# ROAs MUST be checked against these rules and max-length of the ROA NUST NOT be longer than allowed by the matching rule.

 #Nr   Action  Prefix           MinLen  MaxLen
-0010  permit  172.20.0.0/14    21      29      # dn42 main net
-0011  permit  172.20.0.0/24    28      32      # dn42 Anycast range
-0012  permit  172.21.0.0/24    28      32      # dn42 Anycast range
-0013  permit  172.22.0.0/24    28      32      # dn42 Anycast range
-0014  permit  172.23.0.0/24    28      32      # dn42 Anycast range

-0020  deny    10.10.10.0/24    24      32      # kabel deutschland/superkabel has DNS servers there (IDIOTS)
-0021  permit  10.100.0.0/14    14      32      # chaosvpn
-0022  permit  10.0.0.0/8       15      24      # freifunk/chaosvpn
+0001  deny    172.22.166.0/24  24      32      # Black List due not responding to abuse mails after wiki grief.

-0040  permit  172.31.0.0/16    16      32      # chaosvpn
+1001  permit  172.20.0.0/24    28      32      # dn42 Anycast range
+1002  permit  172.21.0.0/24    28      32      # dn42 Anycast range
+1003  permit  172.22.0.0/24    28      32      # dn42 Anycast range
+1004  permit  172.23.0.0/24    28      32      # dn42 Anycast range
+1100  permit  172.20.0.0/14    21      29      # dn42 main net

-0050  deny    172.22.166.0/24  24      32      # Black List due to policy violations.
+2001  permit  10.100.0.0/14    14      32      # chaosvpn
+2002  permit  10.0.0.0/8       15      24      # freifunk/chaosvpn
+
+3001  permit  172.31.0.0/16    16      32      # chaosvpn
+
+9999  deny    0.0.0.0/0        0       32      # block the rest

-1000  deny    0.0.0.0/0        0       32      # block the rest
--- a/data/filter6.txt
+++ b/data/filter6.txt
@ -10,8 +10,11 @@
 #            /^[0-9]/ && $2 ~ /permit/ {printf "     %s{%s,%s},\n", $3, $4, $5};' | \
 #       sed "$ s/,$/\n  ];\n}/"

+# The rules MUST be sorted by the number column first and then the first matching rule MUST be used.                                                                                                                                                                                                                                                         # ROAs MUST be checked against these rules and max-length of the ROA NUST NOT be longer than allowed by the matching rule.
+
 # Nr    Action    Prefix                      MinLen  MaxLen    # Comment
-0010    deny      fc00::/8                     8      128       # ULA (undefined)
-0011    permit    fd00::/8                    44       64       # ULA (defined)

+1001    permit    fd00::/8                    44       64       # ULA (defined)
+
+9999    deny      ::/0                         0      128       # block the rest