* Nerius Landys <[email protected]> [2010-10-20 08:46]:
> 1. Why can't I spoof a source address of 127.0.0.1?

we have some special protection for 127.0.0.1 in the stack

> 2. What specific rules would you recommend for preventing spoofed
> packets

people spend too much time on this. make sure nobody spoofs your own
IPs (or, more precise, any IP you do access control with) and be done
with it.
really, spoofing has to be fought at the source, you can't layer. so
you want to make sure only packets with your own IPs as src leave your
network.

> By the way I'm using FreeBSD 8.0 and 7.1.

as in, ancient and crippled pf.

-- 
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
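
A pf.conf fragment for the two checks described in the reply above, as an added example that is not part of the original message. The interface name `em0` and the prefixes (documentation ranges) are placeholders for your own.

```pf
# Added example; ext_if and the prefixes below are placeholders.
ext_if = "em0"

# Every address you own or do access control with goes in this table.
# A table is used instead of a { list } macro because a negated list
# ("from ! { a, b }") expands into one rule per entry, and together
# those rules match every packet.
table <my_nets> const { 192.0.2.0/24, 198.51.100.0/24 }

# Inbound on the external interface: a packet claiming one of our own
# addresses as its source cannot be genuine.
block in quick on $ext_if from <my_nets> to any

# Outbound on the external interface: only our own source addresses
# may leave the network.
block out quick on $ext_if from ! <my_nets> to any

# ... the rest of the ruleset follows ...
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` shows the rules as pf expanded them.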
