 From:  "Kasper Pedersen" <m0n0list dash kkp at kasperkp dot dk>
 To:  "Don Munyak" <don dot munyak at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Bogus network filtering
 Date:  Wed, 13 Jul 2005 19:53:29 +0200
----- Original Message ----- 
From: "Don Munyak" <don dot munyak at gmail dot com>


# Bogus Network Filtering
block in log quick on xl0 from 0.0.0.0/7 to any
block in log quick on xl0 from 2.0.0.0/8 to any
block in log quick on xl0 from 5.0.0.0/8 to any
...

When doing something like this you have to check for updates to address 
assignments regularly since valid hosts and clients will be dropped 
otherwise. I've been on both ends of this, first when blocks 80.0.0.0/8 went 
live, and again when I was assigned nets in 82.0.0.0/8.

In addition, I honestly don't believe it gives you any added security 
whatsoever. Only complexity.

/Kasper
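
The periodic check described in the reply, as an added example that is not part of the original thread: it parses ipf-style "block in ... from <cidr>" rules and reports any that overlap address space now allocated. The ruleset and the allocation list are constructed samples (the 80.0.0.0/8 and 82.0.0.0/8 rules are hypothetical stale entries for the ranges the reply mentions); in practice the allocated list would be generated from a current address registry.

```python
import ipaddress
import re

# Constructed sample ruleset: the three rules quoted in the thread plus two
# hypothetical stale entries for the ranges the reply mentions.
RULES = """\
# Bogus Network Filtering
block in log quick on xl0 from 0.0.0.0/7 to any
block in log quick on xl0 from 2.0.0.0/8 to any
block in log quick on xl0 from 5.0.0.0/8 to any
block in log quick on xl0 from 80.0.0.0/8 to any
block in log quick on xl0 from 82.0.0.0/8 to any
"""

# Constructed stand-in for a current allocation list (assumption: in real use
# this is refreshed from a registry export on a schedule).
ALLOCATED = ["80.0.0.0/8", "82.0.0.0/8"]

RULE_RE = re.compile(r"^\s*block\s+in\b.*?\bfrom\s+(\S+)\s+to\s+")


def blocked_sources(rules_text):
    """Yield (line_no, network) for each 'block in ... from <cidr>' rule."""
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop comments
        m = RULE_RE.match(line)
        if not m or m.group(1) == "any":
            continue
        try:
            yield no, ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            continue                          # not a literal IP/CIDR source


def stale_rules(rules_text, allocated):
    """Return (line_no, blocked_cidr, [overlapping allocated cidrs])."""
    nets = [ipaddress.ip_network(a) for a in allocated]
    hits = []
    for no, blocked in blocked_sources(rules_text):
        overlap = [str(a) for a in nets if blocked.overlaps(a)]
        if overlap:
            hits.append((no, str(blocked), overlap))
    return hits


if __name__ == "__main__":
    for no, blocked, overlap in stale_rules(RULES, ALLOCATED):
        print(f"line {no}: {blocked} overlaps allocated {', '.join(overlap)}")
```

Run from cron against the live ruleset, a non-empty result means a block rule is dropping traffic from legitimately assigned addresses.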