Michael Mansour wrote:

> Why is it such a bad idea?
>
> I remember when I didn't use it my firewalls would get
> hammered with those rfc1918 spoofed addresses.

Because:

a) 'norfc1918' does nothing that you can't do with three simple DROP rules:

        DROP    net:10.0.0.0/8          all
        DROP    net:172.16.0.0/12       all
        DROP    net:192.168.0.0/16      all

b) Those 'spoofed' addresses are probably just fools in your neighborhood who haven't a clue how to configure their systems. Never attribute to malice that which can be explained by stupidity.

-tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
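
Added example, not part of the original message and not Shorewall code: a short Python script that counts which logged packets arriving on the Internet-facing interface have sources inside the three networks named in the DROP rules above, so you can see who is actually sending them. The interface name `eth0`, the `Shorewall:chain:disposition:` log prefix layout and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The three networks named in the DROP rules above (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in netfilter LOG style; not taken from a real host.
SAMPLE_LOG = """\
Jan 20 10:00:01 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=10.4.7.9 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137
Jan 20 10:00:02 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.168.1.20 DST=203.0.113.5 PROTO=UDP SPT=138 DPT=138
Jan 20 10:00:03 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4431 DPT=22
Jan 20 10:00:04 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.168.0.4 DST=192.168.0.1 PROTO=TCP SPT=5000 DPT=22
Jan 20 10:00:05 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=172.31.255.1 DST=203.0.113.5 PROTO=ICMP
Jan 20 10:00:06 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=172.32.0.1 DST=203.0.113.5 PROTO=ICMP
Jan 20 10:00:07 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=10.4.7.9 DST=203.0.113.5 PROTO=UDP SPT=137 DPT=137
"""

# Pull out only the two fields we need from each log line.
FIELD = re.compile(r"\b(IN|SRC)=(\S*)")

def rfc1918_sources(log_text, net_iface="eth0"):
    """Count packets per (RFC 1918 network, source address) seen on net_iface."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("IN") != net_iface:
            continue  # only traffic arriving from the 'net' zone interface
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # missing or malformed SRC field
        for net in RFC1918:
            if src in net:
                hits[(str(net), str(src))] += 1
    return hits

if __name__ == "__main__":
    for (net, src), count in rfc1918_sources(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {src:<15}  matches {net}")
```

Note that 172.32.0.1 is not counted: 172.16.0.0/12 ends at 172.31.255.255, and the private-address line on `eth1` is ignored because it arrives from the local side.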

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users