cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw ipfw.8
ipfw2.c
Andre Oppermann
andre at FreeBSD.org
Mon Aug 9 09:12:11 PDT 2004
andre 2004-08-09 16:12:10 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw.h ip_fw2.c
sbin/ipfw ipfw.8 ipfw2.c
Log:
New ipfw option "antispoof":
For incoming packets, the packet's source address is checked if it
belongs to a directly connected network. If the network is directly
connected, then the interface the packet came on in is compared to
the interface the network is connected to. When incoming interface
and directly connected interface are not the same, the packet does
not match.
Usage example:
ipfw add deny ip from any to any not antispoof in
Manpage education by: ru
Revision Changes Path
1.148 +38 -2 src/sbin/ipfw/ipfw.8
1.53 +11 -1 src/sbin/ipfw/ipfw2.c
1.86 +1 -0 src/sys/netinet/ip_fw.h
1.67 +11 -0 src/sys/netinet/ip_fw2.c
More information about the cvs-src
mailing list