Den sön 9 apr. 2023 kl 11:56 skrev <[email protected]>: > > Hello, I am new to OpenBSD in terms of using it as a home router/firewall. Im > trying to implement the OpenBSD equivalent or similar way of doing things > like I did on my Linux Router. Are there are equivalent ways/programs for the > following: > > 1. Reverse Path Filter (Like on Linux).
PF antispoof and urpf is available. "man pf.conf" > 2. Protection against DHCP Starvation attacks. Give the important machines static entries, if you are concerned that hundreds or thousands of boxes/macs will eat up all dynamic ranges. Or use ipv6. Or perhaps 802.1x "authentication" where the mac is the password for radius so that unknown/undesired entries get the "wrong" network, if your switches support 802.1x. > 3. DHCP Snooping > > 4. Reply-Only ARP system with features like(automatically adding arps for > leases) that keep people from setting a static ip on the network and > bypassing the queueing done by pf. You can have dhcpd add handed out entries to a list, for which PF later can block. "man dhcpd" for the various lists it populates. > P.S.: If there are any ways of doing these options above can you point me to > the right documentation as I have tried to research but couldn’t find any > thing on these subjects listed above. -- May the most significant bit of your life be positive.
