[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] even more dumb questions: anti-spoofing
 Date:  Tue, 23 May 2006 14:37:08 -0400
On 5/23/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
> But only for the WAN interface?
> Different customers on different subnets behind the firewall are free
> to spoof as they like?

No.  Only the local subnet off of an interface is permitted outbound.
That's automatically taken care of.  If you enter static routes off of
an interface, those antispoofing rules are opened to allow through the
network you defined in the static route as well.  Outbound
antispoofing, by source IP, is taken care of.