uRPF on FreeBSD
Haesu
haesu at towardex.com
Thu Oct 2 20:45:52 PDT 2003
Is there any reverse-path verification feature in the FreeBSD kernel?
Reverse-path verification as in uRPF (unicast reverse path filtering), widely
used for anti-IP-spoofing.

If it is supported, then does FreeBSD's uRPF implementation also allow loose
and strict checks like on Cisco?

Also... one last question that goes with this..
If the uRPF feature is in FreeBSD, and if I route a prefix to ds0 (discard/null
interface "pseudo-device disc"), and a packet originates with the source of a route
that is forwarded to ds0, would that invoke a verification drop? On Cisco, if
an origin packet has a source IP that's routed to Null0 or does not exist in
the routing table (this is under loose check), then it would cause a verification
drop..
Thanks!
-hc
--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN
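
The strict and loose checks the message asks about, including the discard-route case, modelled as an added example that is not part of the original message and is not FreeBSD or Cisco code. The interface names fxp0/fxp1, the prefixes, and the function names are constructed for illustration; the discard behaviour follows the post's description.

```python
import ipaddress

# Constructed routing table: (prefix, outgoing interface). "ds0" stands in for
# the discard interface named in the post; prefixes are documentation ranges.
ROUTES = [
    ("0.0.0.0/0", "fxp0"),
    ("192.0.2.0/24", "fxp1"),
    ("198.51.100.0/24", "ds0"),
]
NULL_IFACES = {"ds0"}


def lookup(routes, addr):
    """Longest-prefix match; returns the interface, or None if nothing covers addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def urpf_check(routes, src, in_iface, mode="strict", allow_default=True):
    """Return (accepted, reason) for a packet with source src arriving on in_iface."""
    if not allow_default:
        # Ignore the default route so unrouted sources fail the lookup.
        routes = [r for r in routes if ipaddress.ip_network(r[0]).prefixlen > 0]
    iface = lookup(routes, src)
    if iface is None:
        return False, "no route to source"
    if iface in NULL_IFACES:
        return False, "source routed to discard interface"
    # Strict: the best route back to the source must use the arrival interface.
    if mode == "strict" and iface != in_iface:
        return False, "reverse path uses %s, not %s" % (iface, in_iface)
    # Loose: any non-discard route to the source is enough.
    return True, "ok"
```

With a default route in the table, the loose check accepts every source that is not explicitly routed to the discard interface, which is why the model exposes `allow_default`.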