pf: antispoofing and LANs

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Doug Milam <doug_milam@...>

To: <misc@...>

Subject: pf: antispoofing and LANs

Date: Tuesday, December 4, 2007 - 1:29 pm

Hello,

From reading the documentation, I couldn't quite tell where the antispoofing rule should fall in a pf ruleset.

Is this syntax correct? I thought I'd be able to access another LAN machine freely via ssh (I've already tested that ssh does work without a firewall), but I cannot.

table { 192.168.0.0/24 }

block all
antispoof for $ext_if
pass in quick on $ext_if from to $ext_if
pass out quick on $ext_if from $ext_if to

Thanks,
DM

--
Be aware. Stay present. Speak honestly.

---------------------------------
Never miss a thing. Make Yahoo your homepage.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

pf: antispoofing and LANs, Doug Milam, (Tue Dec 4, 1:29 pm)


linux-kernel:
Eric Sandeen	Re: [RFC] Heads up on sys_fallocate()
FUJITA Tomonori	Re: Integration of SCST in the mainstream Linux kernel
Anton Salikhmetov	[PATCH -v8 3/4] Enable the MS_ASYNC functionality in sys_msync()
Jeff Garzik	Re: [Bug #11210] libata badness
git:

linux-netdev:
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Corey Minyard	[PATCH 3/3] Convert the UDP hash lock to RCU
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Herbert Xu	Re: xfrm_state locking regression...
openbsd-misc:

pf: antispoofing and LANs

Online users