[ previous ] [ next ] [ threads ]
 
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] even more dumb questions: anti-spoofing
 Date:  Tue, 23 May 2006 07:42:11 -0500
From: "Molle Bestefich" <molle dot bestefich at gmail dot com>

> How do you guys setup anti-spoofing?

> It seems to me like I have to make anti spoofing rules manually, and
> on each individual interface?

> I would like to tell m0n0wall that eg. these are my networks:
>  * foo 192.168.1.0/24
>  * bar 192.168.2.0/24

> And then multi-home one of the adapters, that is in effect tell
> m0n0wall that "foo" sits behind fxp0, and so does "bar", and please
> automatically generate anti-spoofing rules.

> I can't find any feature like this, although some of the interfaces
> does have a "static IP" option.  I wouldn't mind if the firewall had a
> static IP in each of the above mentioned networks, so I guess it would
> be nice if I could create a network definition including a static IP
> address and use that for anti-spoofing.  But there's only one static
> IP field, so I guess that's not the solution either.

> Is anti-spoofing really a manual process?

It is built in.  Dead at the bottom of http://gateway/interfaces_wan.php is 
"Block private networks"

                            Lee