Date: Sat, 31 Dec 2005 01:34:07 +0100 From: Olivier Warin <daffy@xview.net> To: freebsd-pf@freebsd.org Subject: Re: [feature] ipfw verrevpath/versrcreach? Message-ID: <8669F63F-2290-446E-90AF-C95FE5C17129@xview.net> In-Reply-To: <43B5C7E1.8060400@mr0vka.eu.org> References: <20051227084823.28384.qmail@web32611.mail.mud.yahoo.com> <20051227122546.GE81@insomnia.benzedrine.cx> <43B5C7E1.8060400@mr0vka.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, This feature will help to mitigate DoS atttacks, I vote for :-) verrevpath & versrcreach are references to Cisco Revers Path =20 Forwarding algorithm and was first time cited in RFC1812. I would add that, AFAIK, the partial implementation, antispoof, =20 (which is unable to make the distinction between "strict" & "loose" =20 modes) prevents pf to be used on Internet eXchange Points, in an ISP-=20 ISP environment (because of asymmetric routing). Maybee recent commits in pf related to openbgpd change this ? Regards, Le 31 d=C3=A9c. 05 =C3=A0 00:50, =C5=81ukasz Bromirski a =C3=A9crit : > Hi all, > > Is there by any chance work being done on pf to include functionality > that is present in FreeBSD ipfw, that checks if packet entered > router via correct interface as pointed out by routing table? > > I know there is antispoof, but it's simple check of connected network > and interface address, not full lookup to routing table contents. > On ipfw it's called verrevpath (checking if routing table points > for this source IP to the interface it came on) and versrcreach > (the same but default and blackhole routes don't count). > > --=20 > this space was intentionally left blank | =C5=81ukasz =20= > Bromirski > you can insert your favourite quote here | =20 > lukasz:bromirski,net > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" -- Olivier Warin - http://xview.net Stay connected !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8669F63F-2290-446E-90AF-C95FE5C17129>