Which is the best antispoof code between these?

aleunix · #1 **(View Single Post)** 9th March 2012

Blocking Spoofed Packets
Given this initial code:

Quote:

# Macros
# The external interface (connected to internet)
ext_if="re0"
# don't filter on the loopback interface
set skip on lo0

Which is better between these follows code?
1)

Quote:

antispoof quick for $ext_if

2)

Quote:

antispoof quick for $ext_if inet

3)

Quote:

antispoof quick for { lo $ext_if }

All these variant works, previously i used the last because exist even an example here:
The Complete Ruleset
but i have the impression that isn't useful given the skip instruction.
Using the first i can drop even ipv6 address (now i'm using ipv4 address).

aleunix · #2 **(View Single Post)** 12th March 2012

Now i'm using the first choice so i can avoid to change the code even if in future there is a change from ipv4 to ipv6.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Security pcAnywhere let anyone anywhere inject code into PCs	J65nko	News	5	8th March 2012 10:56 AM
BSD code is used where?	Broodjegehaktmetmayo	Other BSD and UNIX/UNIX-like	7	8th March 2010 06:19 PM
Obfuscated Code	JMJ_coder	Programming	14	5th November 2009 05:00 PM
Source code for ed?	matt	FreeBSD Ports and Packages	1	21st October 2008 08:18 PM