new pf in openbsd 3.2
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: new pf in openbsd 3.2
- From: Matteo Cavalleri <shiva_(_dot_)_brahma_(_at_)_inwind_(_dot_)_it>
- Date: Wed, 06 Nov 2002 03:33:52 +0100
i read the new pf man page but i still have a couple of doubts...
the example in the man page (which IIRC is still the same since 3.1)
uses this rule (let's call it example1)
spoof="{ 127.0.0.1, etc... }"
block in quick on $ext_if from $spoof to any
i read about the new antispoof keyword and how it expands, i read also
about the no-route keyword. if i understood them correctly i should use
them as follows (let's call it example2)
antispoof for $int_if inet
block in quick on $ext_if from no-route to any
now i admit i didn't understand two things: does "no-route" mean just the
reserved networks just like the ones listed in the $spoof example? or does it
include other addresses? can i replace example1 with example2 in my
rules or wouldn't it block some kinds of spoofed packets? or maybe i
should use both example1 and example2?
basically i didn't understand example2 so i don't know when and how to
use it :/
btw i also wasn't able to see which exactly are the new changes in pf
syntax, it seems nothing has changed since 3.1..
--
Shiva
"Better true to yourself
Than a perfect shadow
Of somebody else
An empty shell"
(MrBig, My new religion)