On Sun, Mar 30, 2003 at 06:16:10PM +0200, Srebrenko Sehic wrote:
> $ cat /etc/hostname.fxp0
> inet 10.0.3.20 255.0.0.0 NONE
> inet alias 10.1.3.20 255.0.0.0
> inet alias 10.2.3.20 255.0.0.0
> inet alias 10.3.3.20 255.0.0.0
> inet alias 10.4.3.20 255.0.0.0
> inet alias 10.5.3.20 255.0.0.0
>
> $ grep antispoof /etc/pf.conf
> antispoof for fxp0
>
> Loading this ruleset will result in,
>
> $ pfctl -sr | grep '10.0.0.0/8'
> block drop in on ! fxp0 inet from 10.0.0.0/8 to any
> block drop in on ! fxp0 inet from 10.0.0.0/8 to any
> block drop in on ! fxp0 inet from 10.0.0.0/8 to any
> block drop in on ! fxp0 inet from 10.0.0.0/8 to any
> block drop in on ! fxp0 inet from 10.0.0.0/8 to any
> block drop in on ! fxp0 inet from 10.0.0.0/8 to any
>
> Hence, we get a block statement for each alias, which is I guess fine if
> aliases have different masks, but in this case, it's kind of unnecessary.
>
> No?

yes, that is known. I don't see a real world problem with this; the effect is
zero as skip steps solve that nicely.

-- 
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
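
An added example, not part of the original thread and not pf's own code: a simplified Python model of skip steps that counts how many of the six identical antispoof rules are visited for a given packet. The three-field subset, the `em0` interface name and the sample packets are assumptions made for illustration.

```python
# Simplified model of pf skip steps (illustrative; not pf source code).
from ipaddress import ip_address, ip_network

# Assumption: only three of the fields pf compares are modelled here.
FIELDS = ("ifnot", "af", "src")

def make_rules(n):
    # n identical rules, as "antispoof for fxp0" yields with n addresses in 10.0.0.0/8
    return [{"ifnot": "fxp0", "af": "inet", "src": ip_network("10.0.0.0/8")}
            for _ in range(n)]

def calc_skip_steps(rules):
    # Per rule and field: index of the next rule whose value for that field differs.
    skips = []
    for i, rule in enumerate(rules):
        step = {}
        for field in FIELDS:
            j = i + 1
            while j < len(rules) and rules[j][field] == rule[field]:
                j += 1
            step[field] = j
        skips.append(step)
    return skips

def mismatch(rule, pkt):
    # Return the first field on which the packet fails the rule, or None on a match.
    if pkt["if"] == rule["ifnot"]:          # rule says "on ! fxp0"
        return "ifnot"
    if pkt["af"] != rule["af"]:
        return "af"
    if ip_address(pkt["src"]) not in rule["src"]:
        return "src"
    return None

def evaluate(rules, pkt, use_skip=True):
    # Returns (blocked, number_of_rules_visited).
    skips = calc_skip_steps(rules)
    i = visited = 0
    blocked = False
    while i < len(rules):
        visited += 1
        field = mismatch(rules[i], pkt)
        if field is None:
            blocked = True                  # no "quick": evaluation continues
            i += 1
        else:
            # Jump past every following rule that would fail on the same field.
            i = skips[i][field] if use_skip else i + 1
    return blocked, visited
```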
