 From:  "Molle Bestefich" <molle dot bestefich at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  cbuechler at gmail dot com
 Subject:  Re: even more dumb questions: anti-spoofing
 Date:  Thu, 25 May 2006 11:46:37 +0200

Chris Buechler wrote:
> > But only for the WAN interface?
> >
> > Different customers on different subnets behind the firewall are free
> > to spoof as they like?
>
> No.  Only the local subnet off of an interface is permitted outbound.
> That's automatically taken care of.  If you enter static routes off of
> an interface, those antispoofing rules are opened to allow through the
> network you defined in the static route as well.  Outbound
> antispoofing, by source IP, is taken care of.

Thanks!

What do I do with non-RFC-1918 networks inside the firewall?
Manually add anti-spoof rules to the WAN interface rulebase?
Or is this also taken care of automatically?