[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    antispoof and default routes
From:       "Travis H." <travis () subspacefield ! org>
Date:       2007-01-21 23:27:38
Message-ID: 20070121232738.GA20979 () subspacefield ! org
[Download RAW message or body]


Someone's guide to pf made the intelligent observation that if
you use antispoof, you can often avoid specifying an interface
in the filter rules that also refer to IPs (or ranges), because
you already know what interface those are coming from.

However, I wanted to point out that you can't really use antispoof
on an interface with a default route to/from it, since any IP
(other than those on other interfaces) can come from there.

So basically you still need to specify the WAN interface in rules
which deal with it.
--=20
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]