Many thanks to all who have replied.
For my needs (which are pretty simple), Occam dictates using antispoof.
But I've learned much about URPF from the discussion. It's been very
interesting.
It would appear to me that antispoof and URPF achieve similar results.
Is there a reason to prefer one over the other?
Help! I'm obviously overlooking something really obvious but I just
can't see it.
I'm building my first PF-based router/firewall using OpenBSD 4.6. For
now, what I
need it to do is pretty simple:
1. Allow all outbound traffic via NAT and allow all inbound responses.
2. Allow only ssh
3 matches
Mail list logo
