Date: Wed, 24 Jul 2013 08:36:29 +0000 (UTC) From: Stefan Esser <se@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r253597 - head/sbin/ipfw Message-ID: <201307240836.r6O8aT7V080166@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: se Date: Wed Jul 24 08:36:29 2013 New Revision: 253597 URL: http://svnweb.freebsd.org/changeset/base/253597 Log: Remove duplicated parapgraph. MFC after: 3 days Modified: head/sbin/ipfw/ipfw.8 Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Wed Jul 24 08:02:56 2013 (r253596) +++ head/sbin/ipfw/ipfw.8 Wed Jul 24 08:36:29 2013 (r253597) @@ -3049,16 +3049,6 @@ option could be used to (re)mark user tr by adding the following to the appropriate place in ruleset: .Pp .Dl "ipfw add setdscp be ip from any to any dscp af11,af21" -.Pp -This rule drops all incoming packets that appear to be coming from another -directly connected system but on the wrong interface. -For example, a packet with a source address of -.Li 192.168.0.0/24 , -configured on -.Li fxp0 , -but coming in on -.Li fxp1 -would be dropped. .Ss DYNAMIC RULES In order to protect a site from flood attacks involving fake TCP packets, it is safer to use dynamic rules:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307240836.r6O8aT7V080166>