uRPF on FreeBSD
From: Haesu (haesu_at_towardex.com)
Date: 10/03/03
- Previous message: Chris Shenton: "Re: Xserve RAID on FreeBSD"
- Next in thread: Tom: "Re: uRPF on FreeBSD"
- Reply: Tom: "Re: uRPF on FreeBSD"
- Maybe reply: Sten Daniel Sørsdal: "RE: uRPF on FreeBSD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 2 Oct 2003 23:46:11 -0400 To: freebsd-isp@freebsd.org
Is there any reverse-path verification feature in FreeBSD kernel?
reverse-path verification as in uRPF (unicast reverse path filtering) widely
used for anti-ip-spoofing.
If it is supported, then does FreeBSD's uPRF implementation also allow loose
and strict check like on Cisco?
Also... one last question that goes with this..
If uRPF feature is in FreeBSD, and if I route a prefix to ds0 (discard/null
interface "pseudo-device disc"), and a packet originates with source of a route
that is forwarded to ds0, would that invoke a verification drop? On Cisco, if
an origin packet has a source ip that's routed to Null0 or does not exist in
routing table (this is under loose check), then it would cause a verification
drop..
Thanks!
-hc
-- Haesu C. TowardEX Technologies, Inc. Consulting, colocation, web hosting, network design and implementation http://www.towardex.com | haesu@towardex.com Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170 Fax: (978)263-0033 | POC: HAESU-ARIN _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Chris Shenton: "Re: Xserve RAID on FreeBSD"
- Next in thread: Tom: "Re: uRPF on FreeBSD"
- Reply: Tom: "Re: uRPF on FreeBSD"
- Maybe reply: Sten Daniel Sørsdal: "RE: uRPF on FreeBSD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
