jwh7 DD-WRT Guru
Joined: 25 Oct 2013 Posts: 2670 Location: Indy
|
Posted: Tue Aug 08, 2017 17:51 Post subject: BCP38 thoughts? RFC2827: Defeating Denial of Service Attacks |
|
This ticket was entered last week: realdreams wrote: | in forward chain, replace lan2wan line with Code: | -i br0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT | to drop spoofed source by default. So a lan2wan packet is either NATed or dropped. No packet should come out of WAN interface without WAN interface IP.
- https://tools.ietf.org/html/bcp38
- http://www.bcp38.info | This became part of the Routing Resilience Manifesto initiative, which might be of interest here:
http://www.routingmanifesto.org/manrs/
I'm curious as to BS and/or Kong's thoughts, and anyone else, to maybe have this as an option under Security -> Firewall? _________________ # NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo #
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4 |
|