On Thu, Feb 27, 2003 at 02:02:53PM +0100, Sten Daniel Sørsdal wrote:
>
> Has anyone made any patches to look up the source ip for a packet to be routed
> so that it comes from the right interface?
> I've heard a lot of talk from people going to write patches to do this
> but no patches have turned up and no help from google.
>
> What I am looking for is a feature that basically prevents spoofing by looking
> up the route for the source and matching the incoming interface.
> A firewall solves the problem but adds a lot of administrative overhead and
> leaves room for error.
>
> Is this feature even possible on FreeBSD?

For the sake of the email archive (since I know the post's author is already aware of this): Yes, this is possible. I just added an option to ipfw(8) to do this. It is called 'verrevpath.' See the thread "Anti-Spoofing Option" on the freebsd-ipfw list. Coming soon to a FreeBSD repository near you.

--
Crist J. Clark                     | [EMAIL PROTECTED]
                                   | [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/    | [EMAIL PROTECTED]
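
The check discussed in this thread (look up the route for a packet's source address and compare the result with the interface the packet arrived on), sketched as an added example that is not part of the original messages and is not the ipfw implementation. The routing table, interface names and sample packets are constructed.

```python
import ipaddress

# Constructed routing table: (destination prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "em0"),        # default route via the upstream link
    ("192.168.1.0/24", "em1"),   # internal LAN
    ("10.10.0.0/16", "em2"),     # second internal segment
]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("192.168.1.20", "em1"),  # LAN source on the LAN interface
    ("192.168.1.20", "em0"),  # LAN source arriving from upstream: spoofed
    ("203.0.113.7", "em0"),   # external source, matches the default route
    ("203.0.113.7", "em1"),   # external source arriving from the LAN
    ("10.10.5.5", "em2"),     # second segment on its own interface
]

def build_table(routes):
    """Parse prefix strings once so lookups work on network objects."""
    return [(ipaddress.ip_network(p), ifname) for p, ifname in routes]

def lookup(table, addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, ifname in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def reverse_path_ok(table, src, in_if):
    """Strict reverse-path check: the route back to src must use in_if."""
    if in_if is None:          # locally generated, no receive interface
        return True
    return lookup(table, src) == in_if   # no route at all also fails

def classify(table, packets):
    """Return 'pass' or 'drop' for each (source, interface) pair."""
    return ["pass" if reverse_path_ok(table, s, i) else "drop"
            for s, i in packets]

if __name__ == "__main__":
    table = build_table(ROUTES)
    for (src, in_if), verdict in zip(PACKETS, classify(table, PACKETS)):
        print(f"{src:15} in via {in_if}: {verdict}")
```

A strict check like this also drops legitimate traffic when routing is asymmetric, that is, when replies to a source leave by a different interface than the one its packets arrive on.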