Antispoofing needs to be configured for 1) All interfaces, or 2) No
interfaces. You can't configure antispoofing for only one interface-- it
sort of defeats the whole purpose. With antispoofing, FireWall-1 needs to
know what it should see on every interface.
-Warren.
-----Original Message-----
From: felix [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 02, 2001 3:49 PM
To: Fw-1-Mailinglist
Subject: [FW1] Turn off ip spoofing on internal LAN

Hi

For some reason I need to turn off the IP spoofing on my internal NICs in the firewall box; of course I'll keep IP spoofing on the external NIC on the firewall box! Meanwhile I will disallow traffic from DMZ to Localnet. Do you guys think it's OK? By doing this, do I run any potential security risk or not? The condition is that no internal guy will act as a hacker.

Thanks!
