Ok I will try...
I just don't understand WHY PF considers SPOOF only at network-address level. If you think for a moment, you can compromise a network from inside or outside... and for me is worst if you compromise the network from inside 'cause it's considered a "protected" network.
What I mean is that many firewalls check the single IP instead of network-address related to the interface.
Anyway thank you for your reply!
|