Tom Worster wrote:

> thanks, nikos.


You're welcome.


> i'm interested in your other comment about the risks of using "me".

All I am saying is that you have to take care of "attacks" which use "me"
addresses: packets with a "me" source address coming from a network
interface, AKA spoofed packets. Apparently a "me" source address cannot
come from a wire[1], right?

It's not a great risk, but you better filter them out. Also, it is very
possible that such attacks are not applicable to your network. Or not.

I am just pointing out the possible false sense of security when
using rules which match "me" addresses. Just be sure that "me"
is really your firewall and not somebody else...

> for the best possible security, i'll post my ruleset here for y'all to
> review ... or maybe not :-)

You better not :)

[1] by the word wire, I mean every non-loopback interface

Nikos
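The point Nikos makes above (a "me" source address is legitimate only on the loopback interface, so drop it when it arrives from a wire before any rule trusts "me") can be put into an ipfw ruleset skeleton like the one below. This is an added example, not Nikos's or Tom's ruleset; the interface names (em0, em1) and the SSH service rule are assumed for illustration, and the helper functions only generate and inspect the rule text so the ordering can be checked without loading it into a kernel.

```shell
#!/bin/sh
# Added example (not from the original thread): emit an ipfw ruleset in which
# spoofed "me" packets are dropped before any rule that matches "me".
# Assumed/constructed: interface names passed as arguments, SSH (port 22)
# as the example service that trusts "to me".

# gen_ruleset IFACE... : print ipfw rule lines (no "ipfw" prefix), lowest
# rule number first, as ipfw(8) accepts them from a rules file.
gen_ruleset() {
    # Loopback first: "me" legitimately appears as a source address on lo0.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 110 deny ip from any to 127.0.0.0/8"
    echo "add 120 deny ip from 127.0.0.0/8 to any"
    n=200
    for ifc in "$@"; do
        # A packet claiming one of our own addresses that came in from the
        # wire is spoofed: log it and drop it on this interface.
        echo "add $n deny log ip from me to any in recv $ifc"
        n=$((n + 10))
    done
    # Only after the anti-spoof rules above is "me" trustworthy.
    echo "add 1000 check-state"
    echo "add 1010 allow tcp from any to me 22 in setup keep-state"
    echo "add 65000 deny log ip from any to any"
}

# rule_number PATTERN RULESET : rule number of the first rule whose text
# matches PATTERN (fixed string), empty if none.
rule_number() {
    printf '%s\n' "$2" | grep -F -- "$1" | head -n 1 | awk '{print $2}'
}

# antispoof_precedes_trust RULESET : succeed only if the first anti-spoof
# deny (source "me" from the wire) is numbered below the first rule that
# trusts a "to me" destination.
antispoof_precedes_trust() {
    spoof=$(rule_number "deny log ip from me" "$1")
    trust=$(rule_number "to me" "$1")
    [ -n "$spoof" ] && [ -n "$trust" ] && [ "$spoof" -lt "$trust" ]
}

# Stand-alone run: print the ruleset for a single external interface.
gen_ruleset em0
```

To load it on a FreeBSD host (assumed usage, adjust the interface list): `gen_ruleset em0 > /tmp/rules && ipfw -q -f flush && ipfw -q /tmp/rules`. The `in recv em0` qualifier is what ties the check to a physical interface, which is why the lo0 allow rule has to come first: loopback traffic also carries "me" as its source, and rule 200 would otherwise drop it.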
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"