juliangruber/fw.sh

## fw.sh
#!/usr/bin/env bash

ipv4ranges=(
  10.0.0.0/8
  100.64.0.0/10
  169.254.0.0/16
  172.16.0.0/12
  192.0.0.0/24
  192.0.2.0/24
  192.168.0.0/16
  198.18.0.0/15
  198.51.100.0/24
  203.0.113.0/24
  240.0.0.0/4
)

ipv6ranges=(
  100::/64
  2001:2::/48
  2001:db8::/32
  fc00::/7
  fe80::/10
)

for range in "${ipv4ranges[@]}"
do
  :
  echo "blocking ipv4 range $range"

  # Use REJECT so packets you send to this range will generate an ICMP response
  # packet, this will buble up filtering results to lassie (since lassie is the
  # sender the response packet don't leave your machine), if you use DROP here,
  # every attempt to dial private addresses in lassie will have to timeout
  # instead of erroring quickly.
  iptables -A OUTPUT -d "$range" -j REJECT

  # use DROP to avoid sending outbound ICMP response packets
  iptables -A INPUT -s "$range" -j DROP
done

for range in "${ipv6ranges[@]}"
do
  :
  echo "blocking ipv6 range $range"

  # Use REJECT so packets you send to this range will generate an ICMP response
  # packet, this will buble up filtering results to lassie (since lassie is the
  # sender the response packet don't leave your machine), if you use DROP here,
  # every attempt to dial private addresses in lassie will have to timeout
  # instead of erroring quickly.
  ip6tables -A OUTPUT -d "$range" -j REJECT

  # use DROP to avoid sending outbound ICMP response packets
  ip6tables -A INPUT -s "$range" -j DROP
done
	#!/usr/bin/env bash

	ipv4ranges=(
	10.0.0.0/8
	100.64.0.0/10
	169.254.0.0/16
	172.16.0.0/12
	192.0.0.0/24
	192.0.2.0/24
	192.168.0.0/16
	198.18.0.0/15
	198.51.100.0/24
	203.0.113.0/24
	240.0.0.0/4
	)

	ipv6ranges=(
	100::/64
	2001:2::/48
	2001:db8::/32
	fc00::/7
	fe80::/10
	)

	for range in "${ipv4ranges[@]}"
	do
	:
	echo "blocking ipv4 range $range"

	# Use REJECT so packets you send to this range will generate an ICMP response
	# packet, this will buble up filtering results to lassie (since lassie is the
	# sender the response packet don't leave your machine), if you use DROP here,
	# every attempt to dial private addresses in lassie will have to timeout
	# instead of erroring quickly.
	iptables -A OUTPUT -d "$range" -j REJECT

	# use DROP to avoid sending outbound ICMP response packets
	iptables -A INPUT -s "$range" -j DROP
	done

	for range in "${ipv6ranges[@]}"
	do
	:
	echo "blocking ipv6 range $range"

	# Use REJECT so packets you send to this range will generate an ICMP response
	# packet, this will buble up filtering results to lassie (since lassie is the
	# sender the response packet don't leave your machine), if you use DROP here,
	# every attempt to dial private addresses in lassie will have to timeout
	# instead of erroring quickly.
	ip6tables -A OUTPUT -d "$range" -j REJECT

	# use DROP to avoid sending outbound ICMP response packets
	ip6tables -A INPUT -s "$range" -j DROP
	done