cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c

Andre Oppermann andre at
Fri Apr 23 07:28:40 PDT 2004

andre       2004/04/23 07:28:39 PDT

  FreeBSD src repository

  Modified files:
    sbin/ipfw            ipfw.8 ipfw2.c 
  Add the option versrcreach to verify that a valid route to the
  source address of a packet exists in the routing table.  The
  default route is ignored because it would match everything and
  render the check pointless.
  This option is very useful for routers with a complete view of
  the Internet (BGP) in the routing table to reject packets with
  spoofed or unrouteable source addresses.
   ipfw add 1000 deny ip from any to any not versrcreach
  also known in Cisco-speak as:
    ip verify unicast source reachable-via any
  Reviewed by:    luigi
  Revision  Changes    Path
  1.143     +17 -1     src/sbin/ipfw/ipfw.8
  1.47      +11 -1     src/sbin/ipfw/ipfw2.c

More information about the cvs-src mailing list