Re: high volume from outside our networks question

2013-01-31 Thread Dmitri Tarkhov
Hi, Richard,

I reject spoofed IPs more or less like this:

# Do some checks for obviously spoofed IP's
$IPT -t nat -A PREROUTING -i $INET_IFACE -s 127.0.0.0/8 -j DROP
$IPT -t nat -A PREROUTING -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPT -t nat -A PREROUTING -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$

Re: high volume from outside our networks question

2013-01-31 Thread Peter, Oliver
On 1/31/13 7:05 PM, rich carroll wrote:
>
> antispoof log quick for em0 inet
>
> but that did not trigger on any of the requests.

This leads to nowhere in your specific case, check 'pfctl -sr' and the docs[1] to learn how this rule expands.

[1] http://www.openbsd.org/faq/pf/filter.html#antispoof

Re: high volume from outside our networks question

2013-01-31 Thread rich carroll
Currently the box is running packet filter on FreeBSD. I added:

antispoof log quick for em0 inet

but that did not trigger on any of the requests. I am going to mess with views some time today, but if that doesn't stop responses to requests from the outside, other than our domains, we will move