From 535fc1937dc8637d13a3540599126c2f75f7adc1 Mon Sep 17 00:00:00 2001
From: Vadim Berezniker
Date: Wed, 14 Aug 2024 14:30:10 -0700
Subject: [PATCH] Reject packets to private IP ranges instead of dropping them. (#7246)
---
 server/util/networking/networking.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/util/networking/networking.go b/server/util/networking/networking.go
index b0f24456025..01cd8f92216 100644
--- a/server/util/networking/networking.go
+++ b/server/util/networking/networking.go
@@ -704,7 +704,7 @@ func routingTableContainsTable(tableEntry string) (bool, error) {
 func ConfigurePrivateRangeBlackholing(ctx context.Context, sourceRange string) error {
 for _, r := range PrivateIPRanges {
- if err := runCommand(ctx, "iptables", "--wait", "-I", "FORWARD", "-s", sourceRange, "-d", r, "-j", "DROP"); err != nil {
+ if err := runCommand(ctx, "iptables", "--wait", "-I", "FORWARD", "-s", sourceRange, "-d", r, "-j", "REJECT"); err != nil {
 return err
 }
 }
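Review bot: ConfigurePrivateRangeBlackholing keeps its name and has no doc comment in the hunk, but with `-j REJECT` it no longer blackholes: the host now answers each blocked packet with an ICMP error, and with no `--reject-with` given iptables falls back to its default of icmp-port-unreachable. I would add a comment above the function such as `// ConfigurePrivateRangeBlackholing inserts FORWARD rules that REJECT traffic from sourceRange to every entry of PrivateIPRanges; the sender receives an ICMP error rather than a silent drop.` The reject type could also be made explicit so the policy is visible in the rule itself, e.g. `"-j", "REJECT", "--reject-with", "icmp-admin-prohibited"`. The rule is installed through `iptables` only, so whether any IPv6 ranges are covered depends on the contents of PrivateIPRanges and on code outside this hunk. The function body also continues past the end of the hunk.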