Hello Dave, On Sun, May 10, 2015 at 1:49 AM, Dave Taht <dave.taht@gmail.com> wrote:
I have had a piece long on the spike on how we implemented bcp38 for linux (openwrt) devices using the ipset facility.
We had a different use case (preventing all possible internal rfc1918 network addresses from escaping, while still allowing punching through one layer of nat ), but the underlying ipset facility was easily extendible to actually do bcp38 and fast to use, so that is what we ended up calling the openwrt package. Please contact me offlist if you would like a peek at that piece, because the article had some structural problems and we never got around to finishing/publishing it, and I would like to....
has there been a bcp38 equivalent published for ipv6?
I don't see how this is related to the OPs problem. But there's the rpfilter iptables module which can be used for BCP38 IPv4 and IPv6 implementations on linux routers.