From: Damien Miller (djmcvs.openbsd.org)
Date: Tue Mar 14 2006 - 05:09:45 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

CVSROOT: /cvs
Module name: src
Changes by: djmcvs.openbsd.org 2006/03/14 04:09:45

Modified files:
        sys/net : pf.c pf_norm.c pfvar.h
        sbin/pfctl : parse.y pf_print_state.c pfctl_optimize.c
        share/man/man5 : pf.conf.5

Log message:
implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)
which optionally verifies that a packet is received on the interface
that holds the route back to the packet's source address. This makes
it an automatic ingress filter, but only when routing is fully
symmetric.

bugfix feedback claudio; ok claudio and dhartmei

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]