I have a private network with a handful of Linux routers all route sharing via OSPF. How do I blackhole private network ranges that I don't have routes for?
In other words, I want to be sure I NEVER route 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/24 out to the default gateway. I can't just create static sink (blackhole) routes for these networks as a network within one of the private ranges may get advertised via OSPF.
I could use netfilter to just DROP all traffic going out the default GW connected interface if it's in a private range, but I figured iproute2/linux might have had a simpler or more 'correct' solution.
Best Answer
Since more specific routes always take precedence, any ranges advertised via OSPF will take precedence over the blackhole routes.
Cisco:
On Linux:
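The answer's point about longest-prefix matching, worked through as an added example that is not part of the original answer: a small model of the route lookup with blackhole entries for the private ranges, a default route, and OSPF-learned prefixes. The function names, next hops, gateway address and OSPF prefixes are constructed for illustration; the sinks use the full RFC 1918 block 192.168.0.0/16, and the last lookup shows what a /24 sink would leave uncovered.

```python
import ipaddress

# RFC 1918 private ranges to sink (192.168.0.0/16 is the full RFC 1918 block).
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def build_table(ospf_routes, sinks=RFC1918, default_gw="203.0.113.1"):
    """Return (network, action) entries: default route, blackholes, OSPF routes."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), "via " + default_gw)]
    # Same effect as running: ip route add blackhole <prefix>
    table += [(ipaddress.ip_network(p), "blackhole") for p in sinks]
    table += [(ipaddress.ip_network(p), "via " + nh) for p, nh in ospf_routes.items()]
    return table


def lookup(table, dst):
    """Longest-prefix match: of all entries containing dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, act) for net, act in table if addr in net]
    net, act = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), act


# Constructed sample: prefixes learned via OSPF and their (hypothetical) next hops.
OSPF = {"10.20.0.0/16": "10.255.0.2", "192.168.40.0/24": "10.255.0.3"}

if __name__ == "__main__":
    table = build_table(OSPF)
    for dst in ["10.20.5.9", "10.99.1.1", "172.20.0.7",
                "192.168.40.8", "192.168.7.7", "198.51.100.10"]:
        print(dst, "->", *lookup(table, dst))
    # With only 192.168.0.0/24 sunk, the rest of 192.168.0.0/16 falls through
    # to the default route and leaves via the default gateway.
    narrow = build_table(OSPF, sinks=["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/24"])
    print("192.168.7.7 (narrow sink) ->", *lookup(narrow, "192.168.7.7"))
```

Destinations inside an advertised prefix follow the OSPF next hop, unadvertised private destinations hit the blackhole, and only non-private traffic reaches the default gateway.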