Molle Bestefich wrote:
Bill Marquette wrote:
anti-spoofing is _not_ automated...the antispoof rules/syntax only
protect the firewalls interfaces itself, not networks behind it.
I'm having a hard time grasping the exact automatic anti-spoofing
rules in pfSense, I think because they are not visually exposed
anywhere in the webGUI.
(I have a sneaking suspicion that many m0n0wall and pfSense users
simply disregard the need and/or existence of/for antispoofing because
it's hidden..)
most of them wouldn't know they should put them in there anyway.
unless this has changed in pfsense, Bill isn't right unless I'm
misunderstanding what he's saying.
In m0n0wall, it automatically builds hidden antispoofing rules based
upon the routing table. Basically like uRPF. I believe pfsense should
work identically to this, somebody want to confirm or deny this? This
is really only useful for preventing spoofed traffic from passing
through the firewall, but that's all the anti-spoofing protection
measures you can generally take anyway (in addition to blocking private
networks and bogons on the WAN).
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
