Chris Buechler wrote:
> > But only for the WAN interface?
> > Different customers on different subnets behind the firewall are free
> > to spoof as they like?
> No. Only the local subnet off of an interface is permitted outbound.
> That's automatically taken care of. If you enter static routes off of
> an interface, those antispoofing rules are opened to allow through the
> network you defined in the static route as well. Outbound
> antispoofing, by source IP, is taken care of.
What do I do with non-rfc-1918 networks inside the firewall?
Manually add anti-spoof rules to the WAN interface rulebase?
Or is this also taken care of automatically?