You have to be aware that this otoh might open you to DoS attacks. People spoofing connections from your address will lock you out from your own server.
It requires spoofing a full TCP connect, which is more difficult than most DoS types are willing to do. Even harder if you're doing "reassemble tcp" to protect the weak hosts' SYN packets. I've never heard a report of this kind of DoS in practice.

--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
