Date: Tue, 9 Oct 2001 14:26:54 -0400 From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: Another firewall question - spoofing prevention and syntax Message-ID: <20011009142653.B64668@acadia.ne.mediaone.net> In-Reply-To: <20011009034832.M350@blossom.cjclark.org> References: <20011008233219.C589@acadia.ne.mediaone.net> <20011009034832.M350@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/09/01 03:48 AM, Crist J. Clark sat at the `puter and typed: > > . . . > > "(null)" is not a valid interface specification. However, > > # Refuse incoming packets pretending to be from the external address. > ipfw add deny log all from $IPADDR to any in > > # Refuse incoming packets claiming to be from a Class A, B or C > private network > ipfw add deny all from $CLASS_A to any in > ipfw add deny all from $CLASS_B to any in > ipfw add deny all from $CLASS_C to any in > > Is perfectly vaild. Ok, but does this discriminate the interface? If I have an internal network using an IP range in one of these classes, won't this kill it? Thanks again Lou PS. I'll send the rc.firewall on the other thread with the sections applicable above commented out, as I did until I could ensure its correctness. -- Louis LeBlanc leblanc@acadia.ne.mediaone.net Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net ԿԬ The unfacts, did we have them, are too imprecisely few to warrant our certitude. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011009142653.B64668>