Blocking Spoofed Packets
Given this initial code:
Quote:
# Macros
# The external interface (connected to internet)
ext_if="re0"
# don't filter on the loopback interface
set skip on lo0
Which of the following is better?
1)
Quote:
antispoof quick for $ext_if
2)
Quote:
antispoof quick for $ext_if inet
3)
Quote:
antispoof quick for { lo $ext_if }
All these variants work. Previously I used the last one because there is even an example of it here:
The Complete Ruleset
but I have the impression that it isn't useful given the skip instruction.
Using the first I can even drop IPv6 addresses (right now I'm using IPv4 addresses).
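
An added example, not part of the original post and not pf's own code: a small Python model of how the three `antispoof` variants expand, following the expansion documented in pf.conf(5). The interface addresses are constructed, `lo` is modelled as the single interface `lo0`, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not from the post.
IFACES = {
    "re0": ["192.0.2.10/24", "2001:db8::10/64"],
    "lo0": ["127.0.0.1/8", "::1/128"],
}
LOOPBACK = {"lo0"}


def expand_antispoof(ifname, af=None, quick=True):
    """Model 'antispoof [quick] for <ifname> [af]'; af is None, 'inet' or 'inet6'."""
    q = " quick" if quick else ""
    rules = []
    for cidr in IFACES[ifname]:
        iface = ipaddress.ip_interface(cidr)
        fam = "inet" if iface.version == 4 else "inet6"
        if af not in (None, fam):
            continue  # the inet / inet6 keyword restricts the expansion
        # A source inside this network may only arrive on this interface,
        # so the rule is bound to every *other* interface ("on ! ifname").
        # For lo0 that means it is evaluated on re0, which
        # "set skip on lo0" does not exempt from filtering.
        rules.append(
            f"block drop in{q} on ! {ifname} {fam} from {iface.network} to any")
        if ifname not in LOOPBACK:
            # Nothing inbound should carry the firewall's own address.
            rules.append(f"block drop in{q} {fam} from {iface.ip} to any")
    return rules


def expand_list(ifnames, af=None, quick=True):
    """'antispoof for { a b }' expands to the rules of each member in turn."""
    return [r for name in ifnames for r in expand_antispoof(name, af, quick)]


if __name__ == "__main__":
    variants = {
        "1) antispoof quick for $ext_if": expand_list(["re0"]),
        "2) antispoof quick for $ext_if inet": expand_list(["re0"], af="inet"),
        "3) antispoof quick for { lo $ext_if }": expand_list(["lo0", "re0"]),
    }
    for title, rules in variants.items():
        print(title)
        for rule in rules:
            print("   ", rule)
```

On a live system, `pfctl -nvf /etc/pf.conf` prints the actual expanded rules without loading them.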