BCP38 thoughts? RFC2827: Defeating Denial of Service Attacks

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
View previous topic :: View next topic  
Author Message
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 2670
Location: Indy
PostPosted: Tue Aug 08, 2017 17:51    Post subject: BCP38 thoughts? RFC2827: Defeating Denial of Service Attacks Reply with quote
This ticket was entered last week:
realdreams wrote:
in forward chain, replace lan2wan line with
Code:
-i br0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
to drop spoofed source by default. So a lan2wan packet is either NATed or dropped. No packet should come out of WAN interface without WAN interface IP.
- ​https://tools.ietf.org/html/bcp38
- ​http://www.bcp38.info
This became part of the Routing Resilience Manifesto initiative, which might be of interest here:
http://www.routingmanifesto.org/manrs/

I'm curious as to BS and/or Kong's thoughts, and anyone else, to maybe have this as an option under Security -> Firewall?
_________________
# NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo #
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Back to top View user's profile Send private message
Sponsor
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum