On Sat, Dec 31, 2005 at 12:50:57AM +0100, Łukasz Bromirski wrote:
> Is there by any chance work being done on pf to include functionality
> that is present in FreeBSD ipfw, that checks if packet entered
> router via correct interface as pointed out by routing table?
>
> I know there is antispoof, but it's simple check of connected network
> and interface address, not full lookup to routing table contents.
> On ipfw it's called verrevpath (checking if routing table points
> for this source IP to the interface it came on) and versrcreach
> (the same but default and blackhole routes don't count).

Implementing this feature is very easy. The code that does this check
is only a few lines. You can just copy and paste code from ipfw(4) and
add new keywords to pf(4). Then submit patch to Daniel and Max.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
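
Added example, not part of the original message and not the ipfw or pf source: a userland C model of the two source checks discussed in this thread, run against a toy routing table. The table layout, verify_path, NO_IF, RT_BLACKHOLE and the sample routes are constructed for illustration; versrcreach is modelled as ipfw(8) documents it, a route lookup on the source address with no interface comparison.

```c
#include <stdint.h>
#include <stddef.h>

#define RT_BLACKHOLE 0x1   /* constructed flag, stands in for a blackhole/reject route */
#define NO_IF (-1)         /* no ingress interface given: selects versrcreach */

struct route {             /* one entry of a toy IPv4 routing table */
    uint32_t prefix;       /* network address, host byte order */
    int      plen;         /* prefix length, 0 = default route */
    int      ifindex;      /* interface the route points out of */
    int      flags;
};

static uint32_t mask_of(int plen) {
    return plen == 0 ? 0 : 0xffffffffu << (32 - plen);
}

/* Longest-prefix match; returns NULL when no route covers addr. */
static const struct route *rt_lookup(const struct route *rt, size_t n, uint32_t addr) {
    const struct route *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if ((addr & mask_of(rt[i].plen)) != rt[i].prefix) continue;
        if (best == NULL || rt[i].plen > best->plen) best = &rt[i];
    }
    return best;
}

/* Returns 1 if the source address passes the check, 0 otherwise.
 * in_if >= 0     : verrevpath, the route back to src must use the ingress interface.
 * in_if == NO_IF : versrcreach, a route must exist that is neither the
 *                  default route nor a blackhole route. */
static int verify_path(const struct route *rt, size_t n, uint32_t src, int in_if) {
    const struct route *r = rt_lookup(rt, n, src);
    if (r == NULL) return 0;                        /* no route to source at all */
    if (in_if != NO_IF) return r->ifindex == in_if; /* reverse-path interface test */
    if (r->plen == 0) return 0;                     /* only the default route matched */
    if (r->flags & RT_BLACKHOLE) return 0;          /* source is blackholed */
    return 1;
}

/* Constructed sample table: 0 = loopback, 1 = LAN (em0), 2 = uplink (em1). */
static const struct route sample_rt[] = {
    { 0x00000000u,  0, 2, 0 },            /* default route via uplink */
    { 0xc0a80100u, 24, 1, 0 },            /* 192.168.1.0/24 on LAN */
    { 0x0a000000u,  8, 0, RT_BLACKHOLE }, /* 10.0.0.0/8 blackholed */
};
#define SAMPLE_N (sizeof sample_rt / sizeof sample_rt[0])

int main(void) { return verify_path(sample_rt, SAMPLE_N, 0xc0a80105u, 1) ? 0 : 1; }
```

A packet claiming 192.168.1.5 passes verrevpath only when it arrives on the LAN interface, while 8.8.8.8 arriving on the uplink passes verrevpath through the default route but fails versrcreach.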
