On Tue, Sep 09, 2003 at 11:37:48AM -0700, Jason Williams wrote:
> Can anyone point out where I've gone wrong on my rules?
Well...
> table <NoRouteIPs> { 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
> # don't allow anyone to spoof non-routeable addresses
> block in log quick on $ext_if from <NoRouteIPs> to any
> block out log quick on $ext_if from any to <NoRouteIPs>
If you're using 192.168.0.0/16 yourself, and expect connections using
such addresses to pass $ext_if, the above is not what you want :)
If that's not the case, explain what addresses, exactly, you have on
your interfaces.
Daniel
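
Added example, not part of the original thread and not pf's own code: a small Python model of the two posted `block ... quick on $ext_if` rules, showing how to check whether the subnet on the external interface overlaps the table before loading the ruleset. The interface address 192.168.1.10/24, the sample packets and all function names are assumptions made for illustration.

```python
import ipaddress

# Table contents as posted; 127.0.0.1/8 has host bits set, so parse non-strictly.
NO_ROUTE_IPS = ["127.0.0.1/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]


def parse_table(entries):
    """Return the table as networks, normalising entries like 127.0.0.1/8."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def table_match(table, addr):
    """Return the most specific table entry containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in table if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def evaluate(table, direction, src, dst):
    """Model the two posted rules for one packet crossing $ext_if.

    'block in' tests the source, 'block out' tests the destination.
    Returns ("block", entry) on a match, else ("continue", None), meaning
    evaluation would go on to whatever rules follow.
    """
    checked = src if direction == "in" else dst
    hit = table_match(table, checked)
    return ("block", hit) if hit else ("continue", None)


def interface_conflicts(table, iface_cidr):
    """Table entries that overlap the subnet configured on the interface."""
    subnet = ipaddress.ip_interface(iface_cidr).network
    return [n for n in table if n.overlaps(subnet)]


if __name__ == "__main__":
    table = parse_table(NO_ROUTE_IPS)
    ext_if_addr = "192.168.1.10/24"  # constructed: assumed address on $ext_if
    print("conflicts:", interface_conflicts(table, ext_if_addr))
    # Constructed packets: LAN peer inbound, reply outbound, public host inbound.
    for pkt in [("in", "192.168.1.20", "192.168.1.10"),
                ("out", "192.168.1.10", "192.168.1.20"),
                ("in", "198.51.100.7", "192.168.1.10")]:
        print(pkt, "->", evaluate(table, *pkt))
```

A non-empty result from `interface_conflicts` means legitimate traffic on that interface will hit the `quick` block rules before any later pass rule is considered.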