On Thu, 2 Oct 2003, Haesu wrote:
> Is there any reverse-path verification feature in FreeBSD kernel?
> reverse-path verification as in uRPF (unicast reverse path filtering) widely
> used for anti-ip-spoofing.
> If it is supported, then does FreeBSD's uPRF implementation also allow loose
> and strict check like on Cisco?
Usually RPF is just done with ACLs (ipfw) on FreeBSD. It can be a
simple as have a simple input list on each interface that only permits
sources that are known to be on that interface. Since most systems aren't
running a routing protocol, so there aren't many routes and/or they don't
change often, it is probably the simplest way of doing this.