Re: even more dumb questions: anti-spoofing

From:	"Molle Bestefich" <molle dot bestefich at gmail dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	cbuechler at gmail dot com
Subject:	Re: even more dumb questions: anti-spoofing
Date:	Thu, 25 May 2006 11:46:37 +0200

Chris Buechler wrote:
> > But only for the WAN interface?
> >
> > Different customers on different subnets behind the firewall are free
> > to spoof as they like?
>
> No.  Only the local subnet off of an interface is permitted outbound.
> That's automatically taken care of.  If you enter static routes off of
> an interface, those antispoofing rules are opened to allow through the
> network you defined in the static route as well.  Outbound
> antispoofing, by source IP, is taken care of.

Thanks!

What do I do with non-rfc-1918 networks inside the firewall?
Manually add anti-spoof rules to the WAN interface rulebase?
Or is this also taken care of automatically?