3 option interface 'ge00'
4 option detect_upstream 1
5 list match '127.0.0.0/8'
6 list match '0.0.0.0/8' # RFC 1700
7 list match '240.0.0.0/4' # RFC 5745
8 list match '192.0.2.0/24' # RFC 5737
9 list match '198.51.100.0/24' # RFC 5737
10 list match '203.0.113.0/24' # RFC 5737
11 list match '192.168.0.0/16' # RFC 1918
12 list match '10.0.0.0/8' # RFC 1918
13 list match '172.16.0.0/12' # RFC 1918
14 list match '169.254.0.0/16' # RFC 3927
16 # list nomatch '172.26.0.0/21' # Example of something not to match
17 # There is a dhcp trigger to do this for the netmask of a
18 # double natted connection needed
20 # I will argue that this level of indirection doesn't scale
21 # very well - see how to block china as an example
22 # http://www.okean.com/china.txt