Re: uRPF on FreeBSD
From: Tom (tom_at_sdf.com)
Date: 10/03/03
- Previous message: Haesu: "uRPF on FreeBSD"
- In reply to: Haesu: "uRPF on FreeBSD"
- Next in thread: Haesu: "Re: uRPF on FreeBSD"
- Reply: Haesu: "Re: uRPF on FreeBSD"
Date: Fri, 3 Oct 2003 00:00:35 -0700 (PDT)
To: Haesu <haesu@towardex.com>
On Thu, 2 Oct 2003, Haesu wrote:
> Is there any reverse-path verification feature in FreeBSD kernel?
>
> reverse-path verification as in uRPF (unicast reverse path filtering) widely
> used for anti-ip-spoofing.
>
> If it is supported, then does FreeBSD's uRPF implementation also allow loose
> and strict check like on Cisco?
...
Usually RPF is just done with ACLs (ipfw) on FreeBSD. It can be as
simple as having a simple input list on each interface that only permits
sources that are known to be on that interface. Since most systems aren't
running a routing protocol, so there aren't many routes and/or they don't
change often, it is probably the simplest way of doing this.
Tom
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
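
The per-interface input list described in the reply above, as an added example that is not part of the original message or of FreeBSD itself: a shell function that prints (does not execute) ipfw commands for review. The interface names, prefixes, rule numbers and the `gen_rpf_rules` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build per-interface source filters ("strict" anti-spoofing
# done by hand with ipfw). Prints commands only; nothing is applied.

# Constructed sample map: interface, then the comma-separated source
# prefixes known to live behind that interface.
SAMPLE_MAP='fxp0 192.0.2.0/24
fxp1 198.51.100.0/25,198.51.100.128/25'

# gen_rpf_rules BASE: read "iface prefix[,prefix...]" lines on stdin.
# Each interface gets a block of 100 rule numbers:
#   - one skipto per known prefix, jumping past the block, then
#   - a deny+log for any other source received on that interface.
gen_rpf_rules() {
    base=${1:-1000}
    while read -r iface prefixes; do
        case $iface in ''|'#'*) continue ;; esac
        # An interface with no prefixes would get only the deny rule and
        # drop all inbound traffic, so refuse to emit it.
        if [ -z "$prefixes" ]; then
            echo "gen_rpf_rules: no prefixes for $iface" >&2
            return 1
        fi
        next=$((base + 100))
        n=$base
        old_ifs=$IFS; IFS=,
        for p in $prefixes; do
            if [ "$n" -ge $((next - 1)) ]; then
                IFS=$old_ifs
                echo "gen_rpf_rules: too many prefixes for $iface" >&2
                return 1
            fi
            echo "ipfw add $n skipto $next ip from $p to any in recv $iface"
            n=$((n + 1))
        done
        IFS=$old_ifs
        echo "ipfw add $((next - 1)) deny log ip from any to any in recv $iface"
        base=$next
    done
}

# Print the rules for the constructed sample map.
printf '%s\n' "$SAMPLE_MAP" | gen_rpf_rules 1000
```

These rules need to sit before any allow rules in the ruleset, and the map has to be regenerated whenever the prefixes behind an interface change, which is why the approach suits hosts with few, static routes.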