Date: Sat, 31 Dec 2005 01:34:07 +0100 From: Olivier Warin <daffy@xview.net> To: freebsd-pf@freebsd.org Subject: Re: [feature] ipfw verrevpath/versrcreach? Message-ID: <8669F63F-2290-446E-90AF-C95FE5C17129@xview.net> In-Reply-To: <43B5C7E1.8060400@mr0vka.eu.org> References: <20051227084823.28384.qmail@web32611.mail.mud.yahoo.com> <20051227122546.GE81@insomnia.benzedrine.cx> <43B5C7E1.8060400@mr0vka.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, This feature will help to mitigate DoS atttacks, I vote for :-) verrevpath & versrcreach are references to Cisco Revers Path Forwarding algorithm and was first time cited in RFC1812. I would add that, AFAIK, the partial implementation, antispoof, (which is unable to make the distinction between "strict" & "loose" modes) prevents pf to be used on Internet eXchange Points, in an ISP- ISP environment (because of asymmetric routing). Maybee recent commits in pf related to openbgpd change this ? Regards, Le 31 déc. 05 à 00:50, Łukasz Bromirski a écrit : > Hi all, > > Is there by any chance work being done on pf to include functionality > that is present in FreeBSD ipfw, that checks if packet entered > router via correct interface as pointed out by routing table? > > I know there is antispoof, but it's simple check of connected network > and interface address, not full lookup to routing table contents. > On ipfw it's called verrevpath (checking if routing table points > for this source IP to the interface it came on) and versrcreach > (the same but default and blackhole routes don't count). > > -- > this space was intentionally left blank | Łukasz > Bromirski > you can insert your favourite quote here | > lukasz:bromirski,net > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" -- Olivier Warin - http://xview.net Stay connected !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8669F63F-2290-446E-90AF-C95FE5C17129>