
Re: pf.conf macro help needed



* J.D. Bronson <jbronson_(_at_)_wixb_(_dot_)_com> [050209 19:41]:
> Now I just have to figure out how to block spoofed IPs from the internet.
> My current router (cisco) blocks groups of IPs if they appear on the WAN 
> interfaces....

man pf.conf | less -p antispoof

Example from 'man pf.conf':

table <private> const { 10/8, 172.16/12, 192.168/16 }
table <badhosts> persist
block on fxp0 from { <private>, <badhosts> } to any

> antispoof with pf, seems to be related to a specific interface and the IPs 
> associated with it?

Why not just give it a try:

$ cat pf.test
antispoof for fxp0

$ pfctl -n -v -f pf.test
block drop in on ! fxp0 inet from 10.0.0.0/24 to any
block drop in on fxp0 inet6 from fe80::209:6bff:fecd:25c0 to any
block drop in inet from 10.0.0.10 to any
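
An added illustration, not part of the original message: a small Python model that evaluates inbound packets against the three rules pfctl printed above and against the man page table rule. The second interface `em1` and all sample source addresses are constructed, and `<badhosts>` is treated as empty.

```python
import ipaddress

# Rule = (negate_iface, iface or None for "any interface", source network).
# These three are the "antispoof for fxp0" expansion shown by pfctl -n -v.
ANTISPOOF = [
    (True,  "fxp0", "10.0.0.0/24"),                   # in on ! fxp0 from own net
    (False, "fxp0", "fe80::209:6bff:fecd:25c0/128"),  # in on fxp0 from own link-local
    (False, None,   "10.0.0.10/32"),                  # in on any if from own address
]
# Man page example: block on fxp0 from <private>; 10/8 is pf shorthand for 10.0.0.0/8.
PRIVATE = [(False, "fxp0", n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def iface_matches(negate, rule_if, iface):
    """True if the rule's interface clause covers the arrival interface."""
    if rule_if is None:
        return True
    return (iface != rule_if) if negate else (iface == rule_if)

def verdict(rules, iface, src):
    """Return 'block' if any block rule matches the inbound packet, else 'pass'.

    Every rule modelled here is a block rule, so one match is enough;
    with no match pf's implicit default is to pass the packet.
    """
    addr = ipaddress.ip_address(src)
    for negate, rule_if, net in rules:
        # Membership is False when address and network differ in IP version.
        if iface_matches(negate, rule_if, iface) and addr in ipaddress.ip_network(net):
            return "block"
    return "pass"

if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, source address).
    samples = [
        ("em1",  "10.0.0.77"),     # fxp0's network seen on another interface
        ("fxp0", "10.0.0.77"),     # same source on the correct interface
        ("fxp0", "10.0.0.10"),     # claims to be the firewall itself
        ("fxp0", "192.168.1.5"),   # private range not configured on fxp0
        ("fxp0", "198.51.100.7"),  # ordinary routable source
    ]
    for iface, src in samples:
        print(f"{iface:5} {src:14} antispoof={verdict(ANTISPOOF, iface, src):5} "
              f"table={verdict(PRIVATE, iface, src)}")
```

The `192.168.1.5` row passes the antispoof rules and is caught only by the table rule, because antispoof covers just the addresses configured on the named interface.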


