interfaces: add note about CGN addresses included in private range; closes #2880

Franco Fichtner 2018-11-24 14:15:41 +01:00
parent 03ef2ff81e
commit c28fb86f37
2 changed files with 4 additions and 5 deletions


@ -56,9 +56,8 @@ ENTRIES_TOT=`pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}'`
ENTRIES_V4=`pfctl -vvsTables | awk '/-\tbogons$/ {getline; print $2}'`
LINES_V4=`wc -l ${WORKDIR}/fullbogons-ipv4.txt | awk '{ print $1 }'`
if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V4:-0}+LINES_V4)) ]; then
# These bogons are removed as they are private. I'm not going
# to question this now, adding a big WARNING instead. Here be
# dragons...
# private and pseudo-private networks will be excluded
# as they are being operated by a separate GUI option
egrep -v "^100.64.0.0/10|^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" ${WORKDIR}/fullbogons-ipv4.txt > ${DESTDIR}/bogons
RESULT=`/sbin/pfctl -t bogons -T replace -f ${DESTDIR}/bogons 2>&1`
echo "$RESULT" | awk '{ print "Bogons V4 file downloaded: " $0 }' | logger
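Review bot: The replacement comment above the `egrep -v` line says private and pseudo-private networks are handled by "a separate GUI option", but it names neither the ranges nor the option. A reader of this script cannot tell that 100.64.0.0/10 is left out of the bogons table on purpose. These four prefixes are then blocked only where that option is enabled, apparently the `blockpriv` setting whose help text this commit also updates, so the comment should say so. For example: `# RFC 1918 and CGN (100.64.0.0/10) ranges are left out of bogons;` followed by `# they are blocked only where the interface's blockpriv option is set`. The `if` block that contains these lines continues past the end of the hunk.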


@ -1838,8 +1838,8 @@ include("head.inc");
<div class="hidden" data-for="help_for_blockpriv">
<?=gettext("When set, this option blocks traffic from IP addresses that are reserved " .
"for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback " .
"addresses (127/8). This option should only be set for WAN type interfaces that use " .
"public IP address space.");?>
"addresses (127/8) and Carrier-grade NAT addresses (100.64/10). This option should only " .
"be set for WAN interfaces that use the public IP address space.") ?>
</div>
</td>
</tr>
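Review bot: The new help string cites RFC 1918 for the private ranges but gives no reference for 100.64/10, and it leaves the consequence for a WAN behind a provider's CGN implicit. The range could carry its RFC the same way, for example `"addresses (127/8) and Carrier-grade NAT addresses as per RFC 6598 (100.64/10). This option should only " .`. The closing sentence already limits the option to WAN interfaces on public address space. A short extra clause saying that a WAN whose upstream uses CGN addressing would have traffic from those addresses blocked would make the risk of enabling it explicit. The enclosing table row starts outside the hunk.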