How do you guys setup anti-spoofing?
It seems to me like I have to make anti spoofing rules manually, and
on each individual interface?
I would like to tell m0n0wall that eg. these are my networks:
* foo 192.168.1.0/24
* bar 192.168.2.0/24
And then multi-home one of the adapters, that is in effect tell
m0n0wall that "foo" sits behind fxp0, and so does "bar", and please
automatically generate anti-spoofing rules.
I can't find any feature like this, although some of the interfaces
does have a "static IP" option. I wouldn't mind if the firewall had a
static IP in each of the above mentioned networks, so I guess it would
be nice if I could create a network definition including a static IP
address and use that for anti-spoofing. But there's only one static
IP field, so I guess that's not the solution either.
Is anti-spoofing really a manual process?