From owner-freebsd-questions@FreeBSD.ORG Tue Sep 9 09:12:20 2003
Delivered-To: freebsd-questions@freebsd.org
Date: Tue, 9 Sep 2003 16:09:35 +0000
From: Alexander.Farber@t-online.de (Alexander Farber)
To: freebsd-questions@freebsd.org
Message-ID: <20030909160935.GA13801@pref.my.domain>
References: <004001c37540$cdf13680$0400a8c0@fire> <002201c37543$49d01c60$0100a8c0@guilmot2cimcs9> <003301c3756e$dd43b440$f4f0a8c0@pcmedx.com>
In-Reply-To: <003301c3756e$dd43b440$f4f0a8c0@pcmedx.com>
Content-Type: text/plain; charset=us-ascii
X-Operating-System: OpenBSD 3.3 i386
User-Agent: Mutt/1.5.4i
Subject: Re: Spoofing, defense?
List-Id: User questions

I've always wondered, why write the firewall rules blocking some IP
addresses (like on the bottom of this mail). Doesn't it make more sense
only to allow connections addressed to the external IP of your
firewall, like

  block in on rl0 from any to any
  pass in quick on rl0 proto tcp from any to $myExtIP port www
  pass in quick on rl0 proto tcp from any to $myExtIP port ssh

Regards
Alex

On Sun, Sep 07, 2003 at 11:35:51AM -0700, Mike Maltese wrote:
> A complete list of valid address ranges can be found at
> http://www.iana.org/assignments/ipv4-address-space.
>
>
> Alex Zivenko wrote:
>
> > Everybody knows what spoofing is.

P.S. Really? ;-)

> > In my firewall I prevent it like:
> >
> > # Anti-spoof, no logging [ I hate reading them ;-) ]
> >
> > block in quick on rl0 from 192.168.0.0/16 to any   #RFC 1918 private IP
> > block in quick on rl0 from 172.16.0.0/12 to any    #RFC 1918 private IP
> > block in quick on rl0 from 10.0.0.0/8 to any       #RFC 1918 private IP
> > block in quick on rl0 from 127.0.0.0/8 to any      #loopback
> > block in quick on rl0 from 0.0.0.0/8 to any        #loopback
> > block in quick on rl0 from 169.254.0.0/16 to any   #DHCP auto-config
> > block in quick on rl0 from 192.0.2.0/24 to any     #reserved for doc's
> > block in quick on rl0 from 204.152.64.0/23 to any  #Sun cluster
> > block in quick on rl0 from 224.0.0.0/3 to any      #Class D & E multicast
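The two rule sets in this thread filter on different things: the quoted list blocks packets by *source* range (addresses that should never arrive from the Internet), while the reply's rules block by *destination* (only the firewall's own external address, on two ports). The following is an added example, not code from the mailing-list thread: a small Python model of pf/ipf rule evaluation (a matching "quick" rule decides immediately, otherwise the last matching rule wins, and no match passes), run over constructed packets against (a) the source-range blocklist, (b) the default-deny set from the reply, and (c) both combined. The interface name, the external address 203.0.113.10 standing in for $myExtIP, and the sample packets are all constructed for this example.

```python
"""Model of the two filtering styles discussed in the thread.

Added example, not from the original post.  Rule semantics follow pf/ipf:
the first matching "quick" rule decides; otherwise the last matching rule
decides; a packet matched by no rule is passed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

EXT_IP = "203.0.113.10"  # constructed stand-in for $myExtIP

# Source ranges quoted in the thread (comments reworded for this example).
BOGON_RANGES = [
    ("192.168.0.0/16", "RFC 1918 private"),
    ("172.16.0.0/12", "RFC 1918 private"),
    ("10.0.0.0/8", "RFC 1918 private"),
    ("127.0.0.0/8", "loopback"),
    ("0.0.0.0/8", "RFC 1122 'this network'"),
    ("169.254.0.0/16", "link-local / DHCP auto-config"),
    ("192.0.2.0/24", "reserved for documentation"),
    ("204.152.64.0/23", "Sun cluster"),
    ("224.0.0.0/3", "class D and E, multicast/reserved"),
]


@dataclass(frozen=True)
class Rule:
    action: str                # "block" or "pass"
    quick: bool                # stop evaluating on match
    src: str = "any"           # source CIDR or "any"
    dst: str = "any"           # destination CIDR/host or "any"
    port: Optional[int] = None  # destination port, None matches any
    comment: str = ""

    def matches(self, pkt: Dict) -> bool:
        src_ok = self.src == "any" or ip_address(pkt["src"]) in ip_network(self.src)
        dst_ok = self.dst == "any" or ip_address(pkt["dst"]) in ip_network(self.dst)
        port_ok = self.port is None or pkt["dport"] == self.port
        return src_ok and dst_ok and port_ok


def evaluate(rules: List[Rule], pkt: Dict) -> str:
    """Return "pass" or "block" for one inbound packet on the external interface."""
    decision = "pass"  # pf/ipf default when nothing matches
    for rule in rules:
        if rule.matches(pkt):
            if rule.quick:
                return rule.action
            decision = rule.action  # last match wins unless a quick rule fires
    return decision


def bogon_rules() -> List[Rule]:
    """(a) The quoted anti-spoof list: block by source range, all quick."""
    return [Rule("block", True, src=net, comment=c) for net, c in BOGON_RANGES]


def default_deny_rules() -> List[Rule]:
    """(b) The reply's proposal: block everything, pass only to $myExtIP www/ssh."""
    return [
        Rule("block", False, comment="default deny, not quick so passes can override"),
        Rule("pass", True, dst=EXT_IP, port=80, comment="www to the firewall itself"),
        Rule("pass", True, dst=EXT_IP, port=22, comment="ssh to the firewall itself"),
    ]


def combined_rules() -> List[Rule]:
    """(c) Source-range blocks first (quick), then default deny with explicit passes."""
    return bogon_rules() + default_deny_rules()


# Constructed packets: (description, packet)
SAMPLE_PACKETS = [
    ("public src -> fw:80", {"src": "198.51.100.7", "dst": EXT_IP, "dport": 80}),
    ("public src -> fw:25", {"src": "198.51.100.7", "dst": EXT_IP, "dport": 25}),
    ("spoofed 10/8 src -> fw:80", {"src": "10.1.2.3", "dst": EXT_IP, "dport": 80}),
    ("public src -> other host:80", {"src": "198.51.100.7", "dst": "203.0.113.11", "dport": 80}),
]


def compare(pkt: Dict) -> Dict[str, str]:
    """Decisions of the three rule sets for one packet."""
    return {
        "bogon_only": evaluate(bogon_rules(), pkt),
        "default_deny": evaluate(default_deny_rules(), pkt),
        "combined": evaluate(combined_rules(), pkt),
    }


if __name__ == "__main__":
    for desc, pkt in SAMPLE_PACKETS:
        print(f"{desc:30s} {compare(pkt)}")
```

The table this prints makes the difference concrete: the source-range list alone lets a packet to port 25 through (nothing blocks by destination), while the default-deny set alone lets a packet with a spoofed 10.1.2.3 source reach the web port (nothing blocks by source). Only the combined set blocks both, which is why the two approaches complement rather than replace each other.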