Message-ID: <49BE8494.6030305@ibctech.ca>
Date: Mon, 16 Mar 2009 12:55:48 -0400
From: Steve Bertrand
To: FreeBSD Net
Subject: uRPF
List-Id: Networking and TCP/IP with FreeBSD

Hi everyone,

I've implemented RTBH within our network, but I have one small issue.

I've got one FreeBSD/Quagga edge router that has an interface which contains a default route out. Although this will change in the next while, at this time, it is preventing me from doing reverse path check, thereby breaking source-based black-holing.

It appears to me that IPFW's verrevpath (and its kin) do not provide the ability to perform the RPF check and allow default.

Have there been any advancements in this regard? Am I missing something, or is there another approach to allowing default with reverse path?

Regards,

Steve