Someone's guide to pf made the intelligent observation that if you use antispoof, you can often avoid specifying an interface in the filter rules that also refer to IPs (or ranges), because you already know what interface those are coming from.
However, I wanted to point out that you can't really use antispoof on an interface with a default route to/from it, since any IP (other than those on other interfaces) can come from there. So basically you still need to specify the WAN interface in rules which deal with it. -- ``Unthinking respect for authority is the greatest enemy of truth.'' -- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>
pgpzfq7rbCcIJ.pgp
Description: PGP signature