From owner-freebsd-questions Sat Oct 16 11: 8:54 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mta3.snfc21.pbi.net (mta3.snfc21.pbi.net [206.13.28.141]) by hub.freebsd.org (Postfix) with ESMTP id 106FA14D80 for ; Sat, 16 Oct 1999 11:08:39 -0700 (PDT) (envelope-from madscientist@thegrid.net) Received: from remus ([63.193.246.169]) by mta3.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.1999.09.16.21.57.p8) with SMTP id <0FJP00F4IJQCLT@mta3.snfc21.pbi.net> for freebsd-questions@freebsd.org; Sat, 16 Oct 1999 11:08:37 -0700 (PDT) Date: Sat, 16 Oct 1999 11:08:18 -0700 From: The Mad Scientist Subject: Re: anti-spoofing In-reply-to: <19991014020452.A2240@best.com> X-Sender: i289861@mail.thegrid.net To: freebsd-questions@freebsd.org Message-id: <4.1.19991016110300.0094b470@mail.thegrid.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Content-type: text/plain; charset="us-ascii" References: <19991004001028.A1795@keltia.freenix.fr> <10882.991003@cityline.ru> <19991004001028.A1795@keltia.freenix.fr> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 02:04 AM 10/14/99 -0700, you wrote: > >[sorry about getting here few days late -- way WAY behind on my email] > >I think pepole should be blocking the following in addition to rfc1918: > > >!see http://www.ietf.org/internet-drafts/draft-manning-dsua-01.txt > deny ip host 0.0.0.0 any log > deny ip 127.0.0.0 0.255.255.255 any log >! example.{com|net}, DHCP default and Multicast > deny ip 192.0.2.0 0.0.0.255 any log > deny ip 169.254.0.0 0.0.255.255 any log > deny ip 224.0.0.0 0.15.255.255 any log > > >Above is from my cisco router. I'd say first two lines are probably more >important then last three. > >-- Yan > So, translating this to ipfw, it would be: ipfw add 525 deny log ip from 192.0.2.0/24 to any in via ${out_if} ipfw add 550 deny log ip from 169.254.0.0/16 to any in via ${out_if} ipfw add 575 deny log ip from 224.0.0.0/8 to any in via ${out_it} ${out_if} is my outside interface. Correct? TIA, -Dean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message