Tom Worster wrote:

thanks, nikos.

You're welcome.

i'm interested in your other comment about the risks of using "me".

All I am saying is that you have to take care of "attacks" which use "me"
addresses. Packets with source address a "me" address coming from a network
interface, AKA spoofed packets. Apparently a "me" source address cannot
come from a wire[1], right?

It's not a great risk, but you better filter them out. Also, it is very
possible that such attacks are not applicable to your network. Or not.

I am just pointing the possible false sense of security when
using rules which match "me" addresses. Just be sure that "me"
is really your firewall and not somebody else...

for the
best possible security, i'll post my ruleset here for y'all to review ... or
maybe not :-)

You better not:)

[1] by the word wire, I mean every non-loopback interface

_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to