Date: Sun, 1 Jan 2006 20:58:00 +0300 From: Gleb Smirnoff <glebius@FreeBSD.org> To: ?ukasz Bromirski <lbromirski@mr0vka.eu.org> Cc: freebsd-pf@FreeBSD.org Subject: Re: [feature] ipfw verrevpath/versrcreach? Message-ID: <20060101175800.GP42629@FreeBSD.org> In-Reply-To: <43B5C7E1.8060400@mr0vka.eu.org> References: <20051227084823.28384.qmail@web32611.mail.mud.yahoo.com> <20051227122546.GE81@insomnia.benzedrine.cx> <43B5C7E1.8060400@mr0vka.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 31, 2005 at 12:50:57AM +0100, ?ukasz Bromirski wrote: ?> Is there by any chance work being done on pf to include functionality ?> that is present in FreeBSD ipfw, that checks if packet entered ?> router via correct interface as pointed out by routing table? ?> ?> I know there is antispoof, but it's simple check of connected network ?> and interface address, not full lookup to routing table contents. ?> On ipfw it's called verrevpath (checking if routing table points ?> for this source IP to the interface it came on) and versrcreach ?> (the same but default and blackhole routes don't count). Implementing this feature is very easy. The code that does this check is only a few lines. You can just copy and paste code from ipfw(4) and add new keywords to pf(4). Then submit patch to Daniel and Max. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060101175800.GP42629>