From owner-cvs-src Fri Mar 14 17:13: 3 2003 Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5461F37B401; Fri, 14 Mar 2003 17:13:01 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0489A43F3F; Fri, 14 Mar 2003 17:13:01 -0800 (PST) (envelope-from cjc@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h2F1D00U073316; Fri, 14 Mar 2003 17:13:00 -0800 (PST) (envelope-from cjc@repoman.freebsd.org) Received: (from cjc@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h2F1D0s3073311; Fri, 14 Mar 2003 17:13:00 -0800 (PST) Message-Id: <200303150113.h2F1D0s3073311@repoman.freebsd.org> From: "Crist J. Clark" Date: Fri, 14 Mar 2003 17:13:00 -0800 (PST) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c src/sys/netinet ip_fw.h ip_fw2.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-src@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG cjc 2003/03/14 17:13:00 PST FreeBSD src repository Modified files: sbin/ipfw ipfw2.c ipfw.8 sys/netinet ip_fw.h ip_fw2.c Log: Add a 'verrevpath' option that verifies the interface that a packet comes in on is the same interface that we would route out of to get to the packet's source address. Essentially automates an anti-spoofing check using the information in the routing table. Experimental. The usage and rule format for the feature may still be subject to change. Revision Changes Path 1.122 +28 -0 src/sbin/ipfw/ipfw.8 1.23 +10 -0 src/sbin/ipfw/ipfw2.c 1.76 +2 -0 src/sys/netinet/ip_fw.h 1.28 +50 -0 src/sys/netinet/ip_fw2.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-src" in the body of the message