>On Thu, Feb 27, 2003 at 02:02:53PM +0100, Sten Daniel S?rsdal wrote: >> What i am looking for is a feature that basically prevents spoofing by looking >> the route for the source and match the incoming interface. >> A firewall solves the problem but adds alot of administrative overhead and >> leaves room for error. >Check the net.inet.ip.check_interface sysctl. >It may be what you're looking for. >BMS
Thank you for your reply! I havent had a clear explanation of that one (tried the RFC too). But does this one really stop spoofing for routed packets as well? I got some border routers running BGP - three of which have full internet feed. Would this block spoofed packets from my network and would it block incoming source IPs that "come" from nonexistant networks? - Sten To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
