Spoofing, defense?
Guilmot Mike
mike.guilmot at pandora.be
Tue Sep 9 09:34:35 PDT 2003
On Tuesday 09 September 2003 18:09, Alexander Farber wrote:
> I've always wondered, why write the firewall rules
> blocking some IP addresses (like on the bottom of this mail).
> Doesn't it make more sense only to allow connections
> addressed to the external IP of your firewall, like
>
> block in on rl0 from any to any
> pass in quick on rl0 from any to $myExtIP www
> pass in quick on rl0 from any to $myExtIP ssh
The question was only to make sure spoofing was impossible. So I showed how to
block the intern IPS, as stated in the RFC's :-)
And I added a few ones too.
What you gave was for a good firewall, what was asked was how to anti-spoof,
right? :-)
--
Kind regards,
Guilmot Mike
More information about the freebsd-questions
mailing list