freebsd-dev/sbin/ipfw
Andre Oppermann 22b5770b99 Add the option versrcreach to verify that a valid route to the
source address of a packet exists in the routing table.  The
default route is ignored because it would match everything and
render the check pointless.

This option is very useful for routers with a complete view of
the Internet (BGP) in the routing table to reject packets with
spoofed or unrouteable source addresses.

Example:

 ipfw add 1000 deny ip from any to any not versrcreach

also known in Cisco-speak as:

  ip verify unicast source reachable-via any

Reviewed by:	luigi
2004-04-23 14:28:38 +00:00
..
ipfw2.c Add the option versrcreach to verify that a valid route to the 2004-04-23 14:28:38 +00:00
ipfw.8 Add the option versrcreach to verify that a valid route to the 2004-04-23 14:28:38 +00:00
Makefile