Date: Tue, 9 Oct 2001 14:26:54 -0400
From: Louis LeBlanc
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Another firewall question - spoofing prevention and syntax
Message-ID: <20011009142653.B64668@acadia.ne.mediaone.net>
In-Reply-To: <20011009034832.M350@blossom.cjclark.org>

On 10/09/01 03:48 AM, Crist J. Clark sat at the `puter and typed:
> > . . .
>
> "(null)" is not a valid interface specification. However,
>
> # Refuse incoming packets pretending to be from the external address.
> ipfw add deny log all from $IPADDR to any in
>
> # Refuse incoming packets claiming to be from a Class A, B or C
> # private network
> ipfw add deny all from $CLASS_A to any in
> ipfw add deny all from $CLASS_B to any in
> ipfw add deny all from $CLASS_C to any in
>
> Is perfectly valid.

Ok, but does this discriminate the interface? If I have an internal
network using an IP range in one of these classes, won't this kill it?

Thanks again
Lou

PS. I'll send the rc.firewall on the other thread with the sections
applicable above commented out, as I did until I could ensure its
correctness.

--
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

The unfacts, did we have them, are too imprecisely few to warrant our
certitude.
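
Added example, not part of the original message or of either poster's rc.firewall: the quoted rules name no interface, so `in` matches packets arriving on any interface, including an inside LAN numbered from a private range. The script below prints the quoted form beside one bound to the outside interface with `via`; the interface name ed0, the address 203.0.113.5 and the RFC 1918 values given to $CLASS_A, $CLASS_B and $CLASS_C are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: rules are printed,
# not loaded. Set fwcmd=/sbin/ipfw to load them on a real FreeBSD host.
fwcmd="${fwcmd:-echo ipfw}"

# Assumed values for illustration; substitute your own.
EXT_IF="${EXT_IF:-ed0}"           # hypothetical outside interface
IPADDR="${IPADDR:-203.0.113.5}"   # hypothetical outside address (TEST-NET-3)
CLASS_A="10.0.0.0/8"              # RFC 1918 ranges, assumed to be what the
CLASS_B="172.16.0.0/12"           # quoted $CLASS_* variables hold
CLASS_C="192.168.0.0/16"

# Form quoted in the thread: no interface given, so each rule is tested
# against inbound packets on every interface. A LAN numbered from
# 192.168.0.0/16 is denied along with the spoofed traffic.
antispoof_any_if() {
    $fwcmd add deny log all from "$IPADDR" to any in
    for net in $CLASS_A $CLASS_B $CLASS_C; do
        $fwcmd add deny all from "$net" to any in
    done
}

# Bound to the outside interface: only packets arriving on $EXT_IF are
# tested, so private-range hosts behind the inside interface are unaffected.
antispoof_ext_only() {
    $fwcmd add deny log all from "$IPADDR" to any in via "$EXT_IF"
    for net in $CLASS_A $CLASS_B $CLASS_C; do
        $fwcmd add deny all from "$net" to any in via "$EXT_IF"
    done
}

# Emit the interface-bound rules.
antispoof_ext_only
```

Run as-is to review the generated rules before loading them; `ipfw show` afterwards gives per-rule packet counters that confirm which rule inside traffic is hitting.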