Date: Fri, 3 Oct 2003 00:00:35 -0700 (PDT)
From: Tom <tom@sdf.com>
To: Haesu <haesu@towardex.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: uRPF on FreeBSD
Message-ID: <20031002235823.M82361@light.sdf.com>
In-Reply-To: <20031003034611.GA59149@scylla.towardex.com>
References: <20031003034611.GA59149@scylla.towardex.com>

On Thu, 2 Oct 2003, Haesu wrote:

> Is there any reverse-path verification feature in FreeBSD kernel?
>
> reverse-path verification as in uRPF (unicast reverse path filtering) widely
> used for anti-ip-spoofing.
>
> If it is supported, then does FreeBSD's uRPF implementation also allow loose
> and strict check like on Cisco?
...

Usually RPF is just done with ACLs (ipfw) on FreeBSD. It can be as simple
as having a simple input list on each interface that only permits sources that
are known to be on that interface.

Since most systems aren't running a routing protocol (so there aren't many
routes and/or they don't change often), it is probably the simplest way of
doing this.

Tom
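
The per-interface input lists described in the reply, as an added example that is not part of the original message: a shell function that turns a table of interface/prefix pairs into ipfw rules. The interface names, prefixes, rule numbers and the helper name gen_rpf_rules are assumptions.

```sh
#!/bin/sh
# Added example. Constructed sample data: interface names and prefixes below
# are assumptions (documentation address ranges), not values from the thread.
IFACE_SOURCES='
em0 192.0.2.0/24
em0 198.51.100.0/25
em1 203.0.113.0/24
'

# gen_rpf_rules [BASE]: read "iface prefix" pairs on stdin, print ipfw commands.
# All permits are numbered first; one logged deny per interface follows, so a
# packet arriving on a listed interface from any other source is dropped.
# Nothing is printed if any line is malformed, so the output is safe to review
# and then pipe to sh.
gen_rpf_rules() {
    awk -v n="${1:-1000}" '
        NF == 0 || $1 ~ /^#/ { next }
        NF != 2 || $1 !~ /^[a-z]+[0-9]+$/ || $2 !~ /^[0-9.]+\/[0-9]+$/ {
            printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"
            bad = 1
            exit
        }
        {
            out = out sprintf("ipfw add %d allow ip from %s to any in recv %s\n", n, $2, $1)
            n += 10
            if (!($1 in seen)) { seen[$1] = 1; order[++k] = $1 }
        }
        END {
            if (bad) exit 1
            for (i = 1; i <= k; i++) {
                out = out sprintf("ipfw add %d deny log ip from any to any in recv %s\n", n, order[i])
                n += 10
            }
            printf "%s", out
        }'
}

# Print the generated ruleset for the sample table.
printf '%s\n' "$IFACE_SOURCES" | gen_rpf_rules 1000
```

List only interfaces whose legitimate sources are fully known; an interface left out of the table (an upstream link, for instance) gets no deny rule. The generated rules need lower numbers than any broader allow rule in the existing ruleset to take effect.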