Date: Mon, 9 Aug 2004 16:12:10 +0000 (UTC) From: Andre Oppermann <andre@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c src/sbin/ipfw ipfw.8 ipfw2.c Message-ID: <200408091612.i79GCAOB064830@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
andre 2004-08-09 16:12:10 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw.h ip_fw2.c
sbin/ipfw ipfw.8 ipfw2.c
Log:
New ipfw option "antispoof":
For incoming packets, the packet's source address is checked if it
belongs to a directly connected network. If the network is directly
connected, then the interface the packet came on in is compared to
the interface the network is connected to. When incoming interface
and directly connected interface are not the same, the packet does
not match.
Usage example:
ipfw add deny ip from any to any not antispoof in
Manpage education by: ru
Revision Changes Path
1.148 +38 -2 src/sbin/ipfw/ipfw.8
1.53 +11 -1 src/sbin/ipfw/ipfw2.c
1.86 +1 -0 src/sys/netinet/ip_fw.h
1.67 +11 -0 src/sys/netinet/ip_fw2.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408091612.i79GCAOB064830>