Spoofing, defense?
Alexander Farber
Alexander.Farber at t-online.de
Tue Sep 9 09:12:20 PDT 2003
I've always wondered, why write the firewall rules
blocking some IP addresses (like on the bottom of this mail).

Doesn't it make more sense only to allow connections
addressed to the external IP of your firewall, like

    block in on rl0 from any to any
    pass in quick on rl0 from any to $myExtIP www
    pass in quick on rl0 from any to $myExtIP ssh

Regards
Alex

On Sun, Sep 07, 2003 at 11:35:51AM -0700, Mike Maltese wrote:
> A complete list of valid address ranges can be found at
> http://www.iana.org/assignments/ipv4-address-space.
>
> > Alex Zivenko wrote:
> > > Everybody knows what is spoofing.
P.S. Really? ;-)
> > In my firewall I prevent it like:
> >
> > # Anti-spoof, no logging [ I hate reading them ;-) ]
> >
> > block in quick on rl0 from 192.168.0.0/16 to any #RFC 1918 private IP
> > block in quick on rl0 from 172.16.0.0/12 to any #RFC 1918 private IP
> > block in quick on rl0 from 10.0.0.0/8 to any #RFC 1918 private IP
> > block in quick on rl0 from 127.0.0.0/8 to any #loopback
> > block in quick on rl0 from 0.0.0.0/8 to any #loopback
> > block in quick on rl0 from 169.254.0.0/16 to any #DHCP auto-config
> > block in quick on rl0 from 192.0.2.0/24 to any #reserved for doc's
> > block in quick on rl0 from 204.152.64.0/23 to any #Sun cluster
> > block in quick on rl0 from 224.0.0.0/3 to any #Class D & E multicast
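
The two rule sets from this thread, compared side by side as an added example (not part of the original mail or of any firewall's own code): a small Python model of last-match-wins evaluation where a matching "quick" rule stops processing. The external address, the client addresses and the reading of www/ssh as ports 80/22 are assumptions made for the illustration.

```python
import ipaddress

MY_EXT_IP = "203.0.113.10"  # constructed placeholder standing in for $myExtIP

# Source ranges copied from the quoted anti-spoof rules.
BOGONS = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "127.0.0.0/8",
          "0.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24", "204.152.64.0/23",
          "224.0.0.0/3"]

def rule(action, quick, src="0.0.0.0/0", dst="0.0.0.0/0", port=None):
    """Build one inbound rule; port=None matches any destination port."""
    return (action, quick, ipaddress.ip_network(src),
            ipaddress.ip_network(dst), port)

# "block in quick on rl0 from <bogon> to any"
ANTISPOOF = [rule("block", True, src=net) for net in BOGONS]

# "block in ... from any to any" followed by the two "pass in quick" rules
ALLOW_ONLY = [
    rule("block", False),
    rule("pass", True, dst=MY_EXT_IP + "/32", port=80),  # www (assumed 80)
    rule("pass", True, dst=MY_EXT_IP + "/32", port=22),  # ssh (assumed 22)
]

# Anti-spoof rules first, then the allow list.
COMBINED = ANTISPOOF + ALLOW_ONLY

def evaluate(rules, src, dst, port):
    """Return 'pass' or 'block': last match wins, a quick match ends evaluation."""
    verdict = "pass"  # default when no rule matches
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, quick, src_net, dst_net, rule_port in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            verdict = action
            if quick:
                break
    return verdict

def compare(src, dst, port):
    """Verdict of each rule set for one constructed inbound packet."""
    sets = {"antispoof": ANTISPOOF, "allow_only": ALLOW_ONLY, "combined": COMBINED}
    return {name: evaluate(rules, src, dst, port) for name, rules in sets.items()}

if __name__ == "__main__":
    # Constructed packets: (claimed source, destination, destination port)
    for pkt in [("198.51.100.7", MY_EXT_IP, 80), ("10.1.2.3", MY_EXT_IP, 80),
                ("198.51.100.7", MY_EXT_IP, 25)]:
        print(pkt, compare(*pkt))
```

The allow list matches on destination only, so a packet arriving on the external interface with a claimed source of 10.1.2.3 still passes to port 80; the source-based blocks reject it, while the allow list is what closes port 25.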