{ config, pkgs, lib, ... }:
{
/*
0.0.0.0/0              Default (can be advertised in BGP if desired)
0.0.0.0/8              Self identification
0.0.0.0/32             Broadcast
10.0.0.0/8             Private Networks (RFC 1918)
127.0.0.0/8            Loopback
128.0.0.0/16           IANA Reserved (RFC 3330)
172.16.0.0/12          Private Networks (RFC 1918)
169.254.0.0/16         Link-local
191.255.0.0/16         Reserved (RFC 3330)
192.0.0.0/24           IANA Reserved (RFC 3330)
192.0.2.0/24           Test-Net (RFC 3330)
192.168.0.0/16         Private Networks (RFC 1918)
198.18.0.0/15          Network Interconnect Device Benchmark Testing
223.255.255.0/24       Special Use Networks (RFC 3330)
224.0.0.0/4            Multicast
240.0.0.0/4            Class E Reserved


::/0                   Default (can be advertised as a route in BGP to peers if desired)
::/96                  IPv4-compatible IPv6 address – deprecated by RFC4291
::/128                 Unspecified address
::1 /128               Local host loopback address
::ffff:0.0.0.0 /96     IPv4-mapped addresses
::224.0.0.0 /100       Compatible address (IPv4 format)
::127.0.0.0 /104       Compatible address (IPv4 format)
::0.0.0.0 /104         Compatible address (IPv4 format)
::255.0.0.0 /104       Compatible address (IPv4 format)
0000:: /8              Pool used for unspecified, loopback and embedded IPv4 addresses
0200:: /7              OSI NSAP-mapped prefix set (RFC4548) – deprecated by RFC4048
3ffe::/16              Former 6bone, now decommissioned
2001:db8::/32          Reserved by IANA for special purposes and documentation
2002:e000:: /20        Invalid 6to4 packets (IPv4 multicast)
2002:7f00:: /24        Invalid 6to4 packets (IPv4 loopback)
2002:0000:: /24        Invalid 6to4 packets (IPv4 default)
2002:ff00:: /24        Invalid 6to4 packets
2002:0a00:: /24        Invalid 6to4 packets (IPv4 private 10.0.0.0/8 network)
2002:ac10:: /28        Invalid 6to4 packets (IPv4 private 172.16.0.0/12 network)
2002:c0a8:: /32        Invalid 6to4 packets (IPv4 private 192.168.0.0/16 network)
fc00:: /7              Unicast Unique Local Addresses (ULA) – RFC 4193
fe80:: /10             Link-local Unicast
fec0:: /10             Site-local Unicast – deprecated by RFC 3879 (replaced by ULA)
ff00:: /8              Multicast

https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt
*/
# Load the hand-written nftables rules stored next to this module and register
# them with lib.mkBefore, so this text is ordered ahead of other definitions of
# networking.nftables.ruleset when the option is merged.
# The file is read at evaluation time, so its contents are embedded in the
# system configuration; keep it to filter rules only, no secrets.
#
# NOTE(review): nftables.txt is not visible from here. If it drops the prefixes
# listed in the comment above, confirm that:
#   - the list is checked against a current special-purpose address registry.
#     Some RFC 3330 entries (128.0.0.0/16, 191.255.0.0/16, 223.255.255.0/24)
#     were later released for normal allocation, so matching on them can drop
#     legitimate traffic;
#   - RFC 1918, link-local (fe80::/10) and multicast (ff00::/8) matches are
#     scoped to the WAN-facing interface, since LAN traffic and IPv6 neighbour
#     discovery depend on them;
#   - newer special-use ranges absent from the list (100.64.0.0/10,
#     198.51.100.0/24, 203.0.113.0/24) are covered if that is intended.
# This module does not set networking.nftables.enable; presumably another
# module does -- verify.
networking.nftables.ruleset =
  let
    rulesetText = builtins.readFile ./nftables.txt;
  in
  lib.mkBefore rulesetText;
}