From owner-freebsd-pf@FreeBSD.ORG  Fri Dec 30 23:47:48 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6374516A41F
	for <freebsd-pf@freebsd.org>; Fri, 30 Dec 2005 23:47:48 +0000 (GMT)
	(envelope-from lbromirski@mr0vka.eu.org)
Received: from r2d2.bromirski.net (r2d2.bromirski.net [217.153.57.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DED8743D5F
	for <freebsd-pf@freebsd.org>; Fri, 30 Dec 2005 23:47:47 +0000 (GMT)
	(envelope-from lbromirski@mr0vka.eu.org)
Received: from [192.168.0.10] (shield.wesola.pl [62.111.150.246])
	by r2d2.bromirski.net (Postfix) with ESMTP id B1ACB108C44;
	Sat, 31 Dec 2005 00:53:12 +0100 (CET)
Message-ID: <43B5C7E1.8060400@mr0vka.eu.org>
Date: Sat, 31 Dec 2005 00:50:57 +0100
From: =?ISO-8859-2?Q?=A3ukasz_Bromirski?= <lbromirski@mr0vka.eu.org>
User-Agent: Thunderbird 1.5 (Windows/20051206)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
References: <20051227084823.28384.qmail@web32611.mail.mud.yahoo.com>
	<20051227122546.GE81@insomnia.benzedrine.cx>
In-Reply-To: <20051227122546.GE81@insomnia.benzedrine.cx>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 8bit
Cc: 
Subject: [feature] ipfw verrevpath/versrcreach?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Dec 2005 23:47:48 -0000

Hi all,

Is there by any chance work being done on pf to include functionality
that is present in FreeBSD ipfw, that checks if packet entered
router via correct interface as pointed out by routing table?

I know there is antispoof, but it's simple check of connected network
and interface address, not full lookup to routing table contents.
On ipfw it's called verrevpath (checking if routing table points
for this source IP to the interface it came on) and versrcreach
(the same but default and blackhole routes don't count).

-- 
this space was intentionally left blank    |            Łukasz Bromirski
you can insert your favourite quote here   |        lukasz:bromirski,net