
List:       ipfilter
Subject:    Re: Blocking routing tables between interfaces
From:       Darren Reed <darrenr () cyber ! com ! au>
Date:       1997-09-06 15:35:52

In some mail I received from Tony Clark, sie wrote
> 
> 
> 
> What would the correct syntax of the rules files be to allow routing inbound
> on le1 but not out on le0.
> 
> pass in le1 proto udp from any to any
> block out proto udp from any to any

You probably want to mention something about which port it's on, such as:

pass in on le1 proto udp from any to any port = route
block out on le0 proto udp from any to any

but this leaves you vulnerable to routing spoof attacks from le1 (such as
someone saying the default route is via le1 instead of le0 or whatever).

Darren
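
Added example, not part of the original message: an ipf rule fragment that narrows the rules above in response to the spoofing caveat. It accepts RIP on le1 only from one known router and limits the le0 block to RIP instead of all UDP. The address 192.0.2.1 is a placeholder assumption for that router.

```ipf
# Constructed example; 192.0.2.1 is a placeholder for the single router
# on le1 whose routing updates should be accepted.

# Accept RIP (udp port "route", 520 in /etc/services) arriving on le1
# only when it claims to come from the known router.
pass in quick on le1 proto udp from 192.0.2.1/32 to any port = route

# Drop RIP arriving on le1 from every other source address.
block in quick on le1 proto udp from any to any port = route

# Stop routing updates leaving via le0 without blocking other outbound UDP.
block out quick on le0 proto udp from any to any port = route
```

A source-address match is not authentication: a host on the le1 segment can still forge the router's address, so this reduces exposure rather than removing it.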
