Date: Fri, 28 Feb 2003 09:38:04 +0100
From: Sten Daniel Sørsdal <sten.daniel.sorsdal@wan.no>
To: "Bruce M Simpson" <bms@spc.org>
Cc: <freebsd-net@FreeBSD.org>
Subject: SV: Source ip route lookup on incoming packets?
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DE64@exchange.wanglobal.net>
>On Thu, Feb 27, 2003 at 02:02:53PM +0100, Sten Daniel Sørsdal wrote:
>> What I am looking for is a feature that basically prevents spoofing by looking
>> up the route for the source and matching the incoming interface.
>> A firewall solves the problem but adds a lot of administrative overhead and
>> leaves room for error.
>Check the net.inet.ip.check_interface sysctl.
>It may be what you're looking for.
>BMS

Thank you for your reply!
I haven't had a clear explanation of that one (tried the RFC too).
But does this one really stop spoofing for routed packets as well?
I got some border routers running BGP - three of which have full internet feed.
Would this block spoofed packets from my network and would it block incoming
source IPs that "come" from nonexistent networks?

- Sten
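
The check asked about in this message (look up the route for a packet's source address and compare it with the interface the packet arrived on) can be modelled as below. This is an added example, not part of the original e-mail and not FreeBSD code; the routing table, interface names and packets are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed routing table for a hypothetical border router: (prefix, interface).
# There is deliberately no default route, as on a router with a full BGP feed.
ROUTES = [
    ("192.0.2.0/24", "em1"),      # internal network
    ("192.0.2.128/25", "em2"),    # more specific internal route
    ("203.0.113.0/24", "em0"),    # prefix learned from upstream A
]

def build_table(routes):
    """Parse prefixes and order them longest-prefix first."""
    table = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)

def lookup(table, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in table:
        if ip in net:
            return net, ifname
    return None

def rpf_check(table, src, in_if, strict=True):
    """Return (accept, reason) for a packet with source src arriving on in_if."""
    route = lookup(table, src)
    if route is None:
        return False, "no route to source"
    net, ifname = route
    if strict and ifname != in_if:
        return False, f"source {net} is routed via {ifname}, not {in_if}"
    return True, "ok"

if __name__ == "__main__":
    table = build_table(ROUTES)
    packets = [  # constructed (source, incoming interface) pairs
        ("192.0.2.10", "em1"),    # internal host on its own interface
        ("192.0.2.10", "em0"),    # internal source arriving from upstream
        ("192.0.2.200", "em1"),   # covered by the /25 on em2
        ("10.1.2.3", "em0"),      # source with no route at all
        ("203.0.113.5", "em3"),   # asymmetric path via a second upstream
    ]
    for src, in_if in packets:
        for strict in (True, False):
            mode = "strict" if strict else "loose"
            print(src, in_if, mode, rpf_check(table, src, in_if, strict))
```

On multihomed BGP routers the strict form drops legitimate traffic whenever the return path differs from the arrival path, as the last constructed packet shows. The loose form only rejects sources for which no route exists.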