From: Petri Helenius
Date: Wed, 21 Jul 2004 20:54:09 +0300
To: James
Cc: freebsd-net@freebsd.org, Andre Oppermann, James
Subject: Re: IPFW2 versrcreach update
Message-ID: <40FEADC1.8070400@he.iki.fi>
In-Reply-To: <20040721114455.GA47249@scylla.towardex.com>

James wrote:

>
>uRPF should not emit an ICMP when it drops a -reject route. Even with
>ip unreachables, Cisco won't emit ICMP when uRPF is killing a packet. The source
>that triggered uRPF drop condition cannot be trusted as it may have spoofed the
>packet.

Where would the ICMP go anyway because you either don't have a route to where you would point the packet to or the route points to null.

Pete
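
The distinction discussed in this exchange, as an added example that is not part of the original message and is not FreeBSD's ipfw code: a destination lookup that hits no route or a -reject route answers with ICMP unreachable, while the source check using the same lookup only ever drops silently. The route table, type names and function names are hypothetical, and the addresses are constructed from documentation prefixes.

```c
/* Added illustration; all names and the route table are hypothetical. */
#include <stddef.h>
#include <stdint.h>

enum rt_kind { RT_NORMAL, RT_REJECT, RT_BLACKHOLE };
enum verdict { PASS, DROP_SILENT, DROP_ICMP_UNREACH };
struct route { uint32_t prefix; uint8_t len; enum rt_kind kind; };

/* Constructed sample table (documentation prefixes). */
static const struct route table[] = {
    { 0xC0000200u, 24, RT_NORMAL },    /* 192.0.2.0/24              */
    { 0xC6336400u, 24, RT_REJECT },    /* 198.51.100.0/24 -reject   */
    { 0xCB007100u, 24, RT_BLACKHOLE }, /* 203.0.113.0/24 -blackhole */
};
#define TABLE_LEN (sizeof table / sizeof table[0])

/* Longest-prefix match; NULL when no route covers addr. */
static const struct route *lookup(const struct route *t, size_t n, uint32_t addr)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = t[i].len ? ~(uint32_t)0 << (32 - t[i].len) : 0;
        if ((addr & mask) == t[i].prefix && (!best || t[i].len > best->len))
            best = &t[i];
    }
    return best;
}

/* Forwarding on the destination: no route or a -reject route answers the
 * sender with ICMP unreachable; a -blackhole route discards quietly. */
enum verdict forward_dst(const struct route *t, size_t n, uint32_t dst)
{
    const struct route *r = lookup(t, n, dst);
    if (r == NULL || r->kind == RT_REJECT)
        return DROP_ICMP_UNREACH;
    return r->kind == RT_BLACKHOLE ? DROP_SILENT : PASS;
}

/* Source verification: the same lookup on the source address, but a failed
 * check never yields DROP_ICMP_UNREACH. The source may be spoofed, and the
 * reply would itself hit "no route" or a null route. */
enum verdict verify_src(const struct route *t, size_t n, uint32_t src)
{
    const struct route *r = lookup(t, n, src);
    return (r != NULL && r->kind == RT_NORMAL) ? PASS : DROP_SILENT;
}

int main(void) { return verify_src(table, TABLE_LEN, 0xC6336409u) == DROP_SILENT ? 0 : 1; }
```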