 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Re: M0n0wall v1.2b3 in Bridge Mode
 Date:  Sun, 13 Feb 2005 19:23:59 -0800 (PST)
On Thu, 10 Feb 2005, Jesse Guardiani wrote:
> Finally, do you think there would be any value for expert m0n0wall
> users in a webGUI knob to turn off anti-spoofing rules entirely? Now
> that I know they exist, I realize that I've run into problems with
> these anti-spoofing rules not just in bridge setups, but also in pure
> routing setups. A "disable anti-spoofing rules" knob seems like a great
> debugging tool to me. Running into strange invisible rules blocking
> your traffic? Turn off anti-spoof rules!

Disabling antispoofing in general is dangerous.  There is a way
antispoofing could be done automatically, but it would need to be done in
the kernel, and there would have to be a way to designate "interface
groups" in cases where a given remote is legitimately reachable via
multiple interfaces.

					Fred Wright
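
Added example, not part of the message above and not m0n0wall or kernel code: it assumes the automatic approach mentioned is a reverse-path check, where a packet is accepted only if the route back to its source leaves through the arrival interface or through another interface in the same "interface group". The routing table, interface names and group ids are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed interfaces (assumption): two WAN links can both
 * legitimately carry traffic from the same remote hosts. */
enum { IF_LAN, IF_WAN1, IF_WAN2, IF_COUNT };

/* Interfaces sharing a group id count as equivalent return paths. */
static const int if_group[IF_COUNT] = { [IF_LAN] = 1, [IF_WAN1] = 2, [IF_WAN2] = 2 };

struct route { uint32_t net; uint8_t plen; int ifidx; };

static const struct route rt[] = {
    { 0xC0A80100u, 24, IF_LAN  },   /* 192.168.1.0/24 via LAN */
    { 0x00000000u,  0, IF_WAN1 },   /* default route via WAN1 */
};

static uint32_t mask(uint8_t plen) { return plen ? UINT32_MAX << (32 - plen) : 0; }

/* Longest-prefix match; returns the interface index, or -1 if no route. */
static int route_lookup(uint32_t addr)
{
    int best = -1, best_len = -1;
    for (size_t i = 0; i < sizeof rt / sizeof rt[0]; i++)
        if ((addr & mask(rt[i].plen)) == rt[i].net && rt[i].plen > best_len) {
            best = rt[i].ifidx;
            best_len = rt[i].plen;
        }
    return best;
}

/* Returns 1 if a packet with source src arriving on in_if passes the check. */
int antispoof_ok(uint32_t src, int in_if)
{
    int out_if = route_lookup(src);
    if (out_if < 0 || in_if < 0 || in_if >= IF_COUNT)
        return 0;                   /* no route back or bad interface: drop */
    return out_if == in_if || if_group[out_if] == if_group[in_if];
}

int main(void)
{
    printf("LAN source on WAN1:  %d\n", antispoof_ok(0xC0A80105u, IF_WAN1));
    printf("remote on WAN1:      %d\n", antispoof_ok(0x08080808u, IF_WAN1));
    printf("remote on WAN2:      %d\n", antispoof_ok(0x08080808u, IF_WAN2));
    return 0;
}
```

Without the group table, the third case would be dropped because the default route points only at WAN1.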