[feature] ipfw verrevpath/versrcreach?

Gleb Smirnoff glebius at FreeBSD.org
Sun Jan 1 09:58:04 PST 2006


On Sat, Dec 31, 2005 at 12:50:57AM +0100, Łukasz Bromirski wrote:
> Is there by any chance work being done on pf to include functionality
> that is present in FreeBSD ipfw, that checks if a packet entered
> the router via the correct interface as pointed out by the routing table?
> 
> I know there is antispoof, but it's a simple check of connected network
> and interface address, not a full lookup to routing table contents.
> On ipfw it's called verrevpath (checking if the routing table points
> for this source IP to the interface it came on) and versrcreach
> (the same but default and blackhole routes don't count).

Implementing this feature is very easy. The code that does this
check is only a few lines. You can just copy and paste code from
ipfw(4) and add new keywords to pf(4). Then submit a patch to Daniel
and Max.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
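
The two checks discussed in this thread, modelled as an added example that is not part of the original message and is not the ipfw or pf source. It assumes the semantics documented in ipfw(8) for incoming packets: verrevpath requires the route to the source to point at the receiving interface, while versrcreach requires only that a route other than the default or a blackhole/reject route exists. The `struct route`, the table contents and the interface names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

struct route {          /* simplified model, not the kernel's rtentry */
    uint32_t net;       /* network, host byte order */
    int      plen;      /* prefix length; 0 = default route */
    const char *ifname; /* outgoing interface */
    int      blackhole; /* 1 for blackhole/reject routes */
};

/* Constructed sample table using documentation address ranges. */
static const struct route table[] = {
    { 0x00000000,  0, "em0", 0 },  /* default via em0 */
    { 0xC0000200, 24, "em1", 0 },  /* 192.0.2.0/24 via em1 */
    { 0xC6336400, 24, "em2", 0 },  /* 198.51.100.0/24 via em2 */
    { 0xCB007100, 24, "lo0", 1 },  /* 203.0.113.0/24 blackholed */
};

/* Longest-prefix match on the packet's source address. */
static const struct route *lookup(uint32_t src)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        uint32_t mask = table[i].plen ? ~0u << (32 - table[i].plen) : 0;
        if ((src & mask) == table[i].net &&
            (best == NULL || table[i].plen > best->plen))
            best = &table[i];
    }
    return best;
}

/* Strict check: the route back to src must use the receiving interface. */
int verrevpath(uint32_t src, const char *recv_if)
{
    const struct route *r = lookup(src);
    return r != NULL && strcmp(r->ifname, recv_if) == 0;
}

/* Loose check: any route to src counts, except default and blackhole. */
int versrcreach(uint32_t src)
{
    const struct route *r = lookup(src);
    return r != NULL && r->plen != 0 && !r->blackhole;
}

int main(void)
{
    return !(verrevpath(0xC6336407, "em1") == 0 && versrcreach(0xC6336407) == 1);
}
```

The strict check drops legitimate traffic on asymmetrically routed links, which is the case where the loose check is the usable one.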