Date: Sat, 16 Oct 1999 11:08:18 -0700
From: The Mad Scientist <madscientist@thegrid.net>
To: freebsd-questions@freebsd.org
Subject: Re: anti-spoofing
Message-ID: <4.1.19991016110300.0094b470@mail.thegrid.net>
In-Reply-To: <19991014020452.A2240@best.com>
References: <19991004001028.A1795@keltia.freenix.fr> <10882.991003@cityline.ru> <19991004001028.A1795@keltia.freenix.fr>

At 02:04 AM 10/14/99 -0700, you wrote:
>
>[sorry about getting here few days late -- way WAY behind on my email]
>
>I think people should be blocking the following in addition to rfc1918:
>
>
>!see http://www.ietf.org/internet-drafts/draft-manning-dsua-01.txt
> deny ip host 0.0.0.0 any log
> deny ip 127.0.0.0 0.255.255.255 any log
>! example.{com|net}, DHCP default and Multicast
> deny ip 192.0.2.0 0.0.0.255 any log
> deny ip 169.254.0.0 0.0.255.255 any log
> deny ip 224.0.0.0 0.15.255.255 any log
>
>
>Above is from my cisco router. I'd say first two lines are probably more
>important than last three.
>
>-- Yan
>

So, translating this to ipfw, it would be:

ipfw add 525 deny log ip from 192.0.2.0/24 to any in via ${out_if}
ipfw add 550 deny log ip from 169.254.0.0/16 to any in via ${out_if}
ipfw add 575 deny log ip from 224.0.0.0/8 to any in via ${out_if}

${out_if} is my outside interface. Correct?

TIA,
-Dean
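
The translation discussed in this message, from Cisco address/wildcard pairs to ipfw CIDR sources, done mechanically as an added example (not part of the original e-mail or of FreeBSD). The function names, the rule numbering (start 475, step 25) and the literal `${out_if}` interface placeholder are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: turn Cisco "deny ip <addr> <wildcard> any log" into ipfw rules.

# Print the prefix length for a wildcard mask (0.0.0.255 -> 24). Returns 1 if
# the mask is malformed or its 1-bits are not contiguous low-order bits.
wildcard_to_prefix() {
    old_ifs=$IFS; IFS=.; set -f
    set -- $1                       # split the dotted quad into $1..$4
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac   # digits only, no leading 0
        [ "$o" -le 255 ] || return 1
    done
    w=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    [ $(( w & (w + 1) )) -eq 0 ] || return 1           # must look like 0..01..1
    bits=0
    while [ "$w" -gt 0 ]; do w=$(( w >> 1 )); bits=$(( bits + 1 )); done
    echo $(( 32 - bits ))
}

# acl_to_ipfw START STEP IFACE: read ACL lines on stdin, print ipfw rules.
# START, STEP and IFACE are caller-chosen (hypothetical) values.
acl_to_ipfw() {
    num=$1 step=$2 ifc=$3
    while read -r action proto a b rest; do
        [ "$action" = deny ] && [ "$proto" = ip ] || continue   # skips "!" lines
        if [ "$a" = host ]; then
            src=$b
        else
            plen=$(wildcard_to_prefix "$b") || { echo "skipped: $a $b" >&2; continue; }
            src=$a/$plen
        fi
        echo "ipfw add $num deny log ip from $src to any in via $ifc"
        num=$(( num + step ))
    done
}

# The deny lines quoted in the message above, used as sample input.
sample_acl() {
    cat <<'EOF'
 deny ip host 0.0.0.0 any log
 deny ip 127.0.0.0 0.255.255.255 any log
! example.{com|net}, DHCP default and Multicast
 deny ip 192.0.2.0 0.0.0.255 any log
 deny ip 169.254.0.0 0.0.255.255 any log
 deny ip 224.0.0.0 0.15.255.255 any log
EOF
}

sample_acl | acl_to_ipfw 475 25 '${out_if}'
```

A literal translation of wildcard `0.15.255.255` is `/12` (224.0.0.0 through 224.15.255.255); the full IPv4 multicast block is 224.0.0.0/4, which corresponds to wildcard `15.255.255.255`.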