Date: Tue, 9 Sep 2003 18:34:39 +0200 From: Guilmot Mike <mike.guilmot@pandora.be> To: freebsd-questions@freebsd.org Subject: Re: Spoofing, defense? Message-ID: <200309091834.39779.mike.guilmot@pandora.be> In-Reply-To: <20030909160935.GA13801@pref.my.domain> References: <004001c37540$cdf13680$0400a8c0@fire> <003301c3756e$dd43b440$f4f0a8c0@pcmedx.com> <20030909160935.GA13801@pref.my.domain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 09 September 2003 18:09, Alexander Farber wrote: > I've always wondered, why write the firewall rules > blocking some IP addresses (like on the bottom of this mail). > Doesn't it make more sense only to allow connections > addressed to the external IP of your firewall, like > > block in on rl0 from any to any > pass in quick on rl0 from any to $myExtIP www > pass in quick on rl0 from any to $myExtIP ssh The question was only to make sure spoofing was impossible. So I showed how to block the intern IPS, as stated in the RFC's :-) And I added a few ones too. What you gave was for a good firewall, what was asked was how to anti-spoof, right? :-) -- Kind regards, Guilmot Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309091834.39779.mike.guilmot>