Date:      Tue, 10 Aug 2004 11:02:10 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Andre Oppermann <andre@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw ipfw.8 ipfw2.c
Message-ID:  <Pine.NEB.3.96L.1040810110044.84194A-100000@fledge.watson.org>
In-Reply-To: <200408091612.i79GCAOB064830@repoman.freebsd.org>

On Mon, 9 Aug 2004, Andre Oppermann wrote:

>   Modified files:
>     sys/netinet          ip_fw.h ip_fw2.c 
>     sbin/ipfw            ipfw.8 ipfw2.c 
>   Log:
>   New ipfw option "antispoof":
>   
>    For incoming packets, the packet's source address is checked if it
>    belongs to a directly connected network.  If the network is directly
>    connected, then the interface the packet came on in is compared to
>    the interface the network is connected to.  When incoming interface
>    and directly connected interface are not the same, the packet does
>    not match.

If you would append opcodes to the enum rather than inserting them, you
would find you wouldn't break everyone's firewalls when they install their
kernel and reboot before installing world.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
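
Added illustration, not part of the original message and not code from the FreeBSD tree: a small C model of why inserting an opcode mid-enum breaks rules written by a not-yet-upgraded userland tool, while appending does not. The opcode lists and helper names are constructed and simplified; they are not the real enum from ip_fw.h.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, simplified opcode lists; NOT the real enum from ip_fw.h. */
enum old_op { OLD_NOP, OLD_IP_SRC, OLD_VERREVPATH, OLD_ACCEPT, OLD_DENY, OLD_LAST };
/* New kernel, variant 1: the new opcode is inserted mid-enum. */
enum ins_op { INS_NOP, INS_IP_SRC, INS_VERREVPATH, INS_ANTISPOOF,
              INS_ACCEPT, INS_DENY, INS_LAST };
/* New kernel, variant 2: the new opcode is appended. */
enum app_op { APP_NOP, APP_IP_SRC, APP_VERREVPATH, APP_ACCEPT, APP_DENY,
              APP_ANTISPOOF, APP_LAST };

static const char *const old_names[OLD_LAST] = {
    "nop", "ip_src", "verrevpath", "accept", "deny" };
static const char *const ins_names[INS_LAST] = {
    "nop", "ip_src", "verrevpath", "antispoof", "accept", "deny" };
static const char *const app_names[APP_LAST] = {
    "nop", "ip_src", "verrevpath", "accept", "deny", "antispoof" };

/* A rule as the old userland tool serialises it: raw opcode numbers. */
static const unsigned char old_rule[] = { OLD_IP_SRC, OLD_VERREVPATH, OLD_DENY };

/* What a kernel built with table `names` understands by opcode number `op`. */
static const char *kernel_reads(unsigned op, const char *const *names, unsigned last)
{
    return op < last ? names[op] : "invalid";
}

/* Count opcodes in an old-userland rule whose meaning differs in the kernel. */
static int count_misread(const unsigned char *rule, size_t n,
                         const char *const *names, unsigned last)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if (rule[i] >= OLD_LAST ||
            strcmp(old_names[rule[i]], kernel_reads(rule[i], names, last)) != 0)
            bad++;
    return bad;
}

int main(void)
{
    printf("inserted: %d misread, deny read as \"%s\"\n",
           count_misread(old_rule, sizeof old_rule, ins_names, INS_LAST),
           kernel_reads(OLD_DENY, ins_names, INS_LAST));
    printf("appended: %d misread, deny read as \"%s\"\n",
           count_misread(old_rule, sizeof old_rule, app_names, APP_LAST),
           kernel_reads(OLD_DENY, app_names, APP_LAST));
    return 0;
}
```

In this model every opcode numbered at or above the insertion point changes meaning, so a rule's action can silently become a different one until userland is rebuilt to match the kernel.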



