cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw
ipfw.8 ipfw2.c
Robert Watson
rwatson at FreeBSD.org
Tue Aug 10 08:03:45 PDT 2004
On Mon, 9 Aug 2004, Andre Oppermann wrote:
> Modified files:
> sys/netinet ip_fw.h ip_fw2.c
> sbin/ipfw ipfw.8 ipfw2.c
> Log:
> New ipfw option "antispoof":
>
> For incoming packets, the packet's source address is checked if it
> belongs to a directly connected network. If the network is directly
> connected, then the interface the packet came on in is compared to
> the interface the network is connected to. When incoming interface
> and directly connected interface are not the same, the packet does
> not match.
If you would append opcodes to the enum rather than inserting them, you
would find you wouldn't break everyone's firewalls when they install their
kernel and reboot before installing world.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
More information about the cvs-all
mailing list