
Re: impossible condition?



On Thu, Dec 05, 2002 at 11:07:26AM -0600, James Nobis wrote:
> #antispoofing
> antispoof log quick for { $IntIF, $ExtIF } inet
> 
> antispoof log quick for $ExtIF inet expands to:
> @1 block in log quick on ! xl0 inet from 24.243.208.225/20 to any 
> @2 block in log quick inet from 24.243.208.225 to any

It's required to pass on lo0 with antispoof. This is clearly
documented in the manpage, though unfortunately that was added after 3.2 was
released.

So just

pass in  quick on lo0 all
pass out quick on lo0 all

somewhere far up in your ruleset, before antispoof.
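
An added illustration, not part of the original message: a simplified Python model of first-match `quick` evaluation over the two expanded antispoof rules quoted above, showing the effect of placing the lo0 pass rules first. It assumes matching only on direction, interface and source address, a default of pass when nothing matches, and that traffic the host sends to its own address arrives inbound on lo0; the `Rule` class, `evaluate` function and labels are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    direction: str              # "in" or "out"
    src: Optional[str] = None   # source CIDR, None means any
    on: Optional[str] = None    # interface name, None means any
    negate_if: bool = False     # True models "on ! <interface>"
    label: str = ""

    def matches(self, direction, iface, src_ip):
        if direction != self.direction:
            return False
        # "on xl0" needs iface == xl0; "on ! xl0" needs iface != xl0
        if self.on is not None and (iface == self.on) == self.negate_if:
            return False
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return True

def evaluate(rules, direction, iface, src_ip):
    """Every rule here is 'quick', so the first match decides."""
    for rule in rules:
        if rule.matches(direction, iface, src_ip):
            return rule.action, rule.label
    return "pass", "default"    # assumed default when nothing matches

# The expansion of "antispoof log quick for $ExtIF inet" quoted above
ANTISPOOF = [
    Rule("block", "in", "24.243.208.225/20", on="xl0", negate_if=True, label="@1"),
    Rule("block", "in", "24.243.208.225/32", label="@2"),
]
# The two rules from the reply
LOOPBACK = [
    Rule("pass", "in", on="lo0", label="lo0-in"),
    Rule("pass", "out", on="lo0", label="lo0-out"),
]

if __name__ == "__main__":
    own = "24.243.208.225"
    print(evaluate(ANTISPOOF, "in", "lo0", own))             # antispoof alone
    print(evaluate(LOOPBACK + ANTISPOOF, "in", "lo0", own))  # lo0 rules first
    print(evaluate(LOOPBACK + ANTISPOOF, "in", "xl0", own))  # spoof on xl0
```
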