Antispoof for self #474
Unanswered
vaughnhart asked this question in Ideas
Hi,
I have been testing a firewall configuration and I had a discussion with some pf contributors over at OpenBSD.
Have you ever tested/considered antispoof for self as a firewall rule? It enumerates all the interfaces with an IP address. But it also requires having a pass rule for 127, which you already have.
block drop in log on ! self inet from 127.0.0.0/8 to any
block drop in log on ! self inet6 from ::1 to any
block drop in log inet6 from ::1 to any
block drop in log on lo0 inet6 from fe80::1 to any
block drop in log inet from 127.0.0.1 to any
block drop in log from no-route to any
block drop in log from urpf-failed to any
Cheers!
-Vaughn