From owner-freebsd-questions  Mon Oct  8 20:32:29 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.147.1.144])
	by hub.freebsd.org (Postfix) with ESMTP id D501F37B405
	for <freebsd-questions@FreeBSD.org>; Mon,  8 Oct 2001 20:32:25 -0700 (PDT)
Received: from acadia.ne.mediaone.net (acadia.ne.mediaone.net [65.96.185.189])
	by chmls06.mediaone.net (8.11.1/8.11.1) with ESMTP id f993Wfh13826
	for <freebsd-questions@FreeBSD.org>; Mon, 8 Oct 2001 23:32:42 -0400 (EDT)
Received: (from leblanc@localhost)
	by acadia.ne.mediaone.net (8.11.6/8.11.5) id f993WK204323
	for freebsd-questions@FreeBSD.org; Mon, 8 Oct 2001 23:32:20 -0400 (EDT)
	(envelope-from leblanc)
Date: Mon, 8 Oct 2001 23:32:20 -0400
From: Louis LeBlanc <leblanc+freebsd@smtp.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org
Subject: Another firewall question - spoofing prevention and syntax
Message-ID: <20011008233219.C589@acadia.ne.mediaone.net>
Reply-To: freebsd-questions@FreeBSD.org
Mail-Followup-To: freebsd-questions@FreeBSD.org
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.3.22.1i
X-bright-idea: Lets abolish HTML mail!
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Another firewall question, not for the faint of heart:

Is the following valid?

# Refuse incoming packets pretending to be from the external address.
ipfw add deny log all from $IPADDR to any via (null) in  

# Refuse incoming packets claiming to be from a Class A, B or C
private network
ipfw add deny all from $CLASS_A to any via (null) in
ipfw add deny all from $CLASS_B to any via (null) in
ipfw add deny all from $CLASS_C to any via (null) in


I can't find any reference to the use of (null) as the interface name
to prevent spoofing, but the tool I use online does this
automagically.

Any ideas?

TIA & HAND
Lou
-- 
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net                 ԿԬ

QOTD:
  Y'know how s'm people treat th'r body like a TEMPLE?
  Well, I treat mine like 'n AMUSEMENT PARK...  S'great...


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message