From owner-cvs-src@FreeBSD.ORG  Mon Aug  9 16:12:11 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 12D4516A4CE; Mon,  9 Aug 2004 16:12:10 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C8E7843D58; Mon,  9 Aug 2004 16:12:10 +0000 (GMT)
	(envelope-from andre@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i79GCA7O064831;
	Mon, 9 Aug 2004 16:12:10 GMT
	(envelope-from andre@repoman.freebsd.org)
Received: (from andre@localhost)
	by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i79GCAOB064830;
	Mon, 9 Aug 2004 16:12:10 GMT
	(envelope-from andre)
Message-Id: <200408091612.i79GCAOB064830@repoman.freebsd.org>
From: Andre Oppermann <andre@FreeBSD.org>
Date: Mon, 9 Aug 2004 16:12:10 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw ipfw.8
 ipfw2.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2004 16:12:11 -0000

andre       2004-08-09 16:12:10 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          ip_fw.h ip_fw2.c 
    sbin/ipfw            ipfw.8 ipfw2.c 
  Log:
  New ipfw option "antispoof":
  
   For incoming packets, the packet's source address is checked if it
   belongs to a directly connected network.  If the network is directly
   connected, then the interface the packet came on in is compared to
   the interface the network is connected to.  When incoming interface
   and directly connected interface are not the same, the packet does
   not match.
  
  Usage example:
  
   ipfw add deny ip from any to any not antispoof in
  
  Manpage education by:   ru
  
  Revision  Changes    Path
  1.148     +38 -2     src/sbin/ipfw/ipfw.8
  1.53      +11 -1     src/sbin/ipfw/ipfw2.c
  1.86      +1 -0      src/sys/netinet/ip_fw.h
  1.67      +11 -0     src/sys/netinet/ip_fw2.c