diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-21 19:05:17 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-21 19:05:17 +0000 |
| commit | f2d532ecfaeb153ac0816318d35f2acf2c5961e7 (patch) | |
| tree | 347e663efbd5aa6c2c6a9ffd160e6e9e7e22fc75 /etc | |
| parent | 66119c8a10668b807be6f720f928feb6b8db126c (diff) | |
| download | pfsense-f2d532ecfaeb153ac0816318d35f2acf2c5961e7.zip pfsense-f2d532ecfaeb153ac0816318d35f2acf2c5961e7.tar.gz | |
We should anti spoof on the wan interface as well.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index faedd7f..c9a0eae 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2389,6 +2389,7 @@ EOD; # block anything from private networks on WAN interface anchor "spoofing" +antispoof for \$wan block in $log quick on \$wan from 10.0.0.0/8 to any label "block private networks from wan block 10/8" block in $log quick on \$wan from 127.0.0.0/8 to any label "block private networks from wan block 127/8" block in $log quick on \$wan from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" |
