From 9c574ebbbbe22bc88b5b42b4b2115dc8af108e18 Mon Sep 17 00:00:00 2001
From: itojun <>
Date: Thu, 9 Dec 1999 14:22:38 +0000
Subject: [PATCH] avoid transmitting invalid IPv6 packets out to the wire.
---
 src/etc/netstart | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/etc/netstart b/src/etc/netstart
index 403c8c0c..23f5b429 100644
--- a/src/etc/netstart
+++ b/src/etc/netstart
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $OpenBSD: netstart,v 1.52 1999/12/09 13:59:57 itojun Exp $
+# $OpenBSD: netstart,v 1.53 1999/12/09 14:22:38 itojun Exp $
 # Returns true if $1 contains only alphanumerics
 isalphanumeric() {
@@ -156,6 +156,14 @@ EOF
 echo 'config error, multicasting disabled until rc.conf is fixed'
 route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject;;
 esac
+
+# IPv6 configurations.
+# disallow scoped unicast dest without outgoing scope identifiers.
+route add -inet6 fe80:: -prefixlen 10 ::1 -reject
+route add -inet6 fc80:: -prefixlen 10 ::1 -reject
+# disallow "internal" addresses to appear on the wire.
+route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
 # Configure NAT after configuring network interfaces
 if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then
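Review bot: The second scoped-unicast reject route uses `fc80:: -prefixlen 10`, which does not match the site-local prefix; the comment above it says scoped unicast destinations are meant, and site-local is fec0::/10, so site-local packets without a scope identifier would still be able to leave the host. The line should probably read `route add -inet6 fec0:: -prefixlen 10 ::1 -reject`. The four new `route add` calls also omit the `-n` that the multicast route just above them uses, so at boot they may attempt name lookups when reporting the action; `route -n add ...` would keep them consistent with the existing line. The hunk starts and ends in the middle of the script's top-level statements, so whether these routes are guarded for kernels built without INET6 cannot be seen from here.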