[FUGSPBR] Anti-Spoof rules IPFW
Ricardo A. Reis
n.i.b at terra.com.br
Fri Aug 23 10:28:49 BRT 2002
After a lot of research I arrived at these addresses that should be
denied at the firewall. Could someone tell me if any are missing or if
something looks odd?
--------------------------------------------------------------------%
#Historical Broadcast
add 00009 deny log all from 0.0.0.0/8 to any via tun0 in
#Historical Broadcast
add 00010 deny log all from 0.0.0.0/32 to any via tun0 in
#RFC 1918 Private Network
add 00011 deny log all from 10.0.0.0/8 to any via tun0 in
#Loopback
add 00015 deny log all from 127.0.0.0/8 to any via tun0 in
#RFC 1918 Private Network
add 00020 deny log all from 172.16.0.0/12 to any via tun0 in
#RFC 1918 Private Network
add 00025 deny log all from 192.168.0.0/16 to any via tun0 in
#Test-NET
add 00026 deny log all from 192.0.2.0/24 to any via tun0 in
#Multicast Source DoS
add 00030 deny log all from 224.0.0.0/28 to any via tun0 in
#Multicast Reserved AS
add 00031 deny log all from 233.0.0.0/8 to any via tun0 in
#Multicast Reserved
add 00032 deny log all from 224.0.0.0/4 to any via tun0 in
#IANA Reserved address
add 00033 deny log all from 217.0.0.0/8 to any via tun0 in
#Class E reserved
add 00034 deny log all from 240.0.0.0/5 to any via tun0 in
#Unallocated
add 00035 deny log all from 248.0.0.0/5 to any via tun0 in
#Broadcast
add 00036 deny log all from 255.255.255.255/32 to any via tun0 in
-------------------------------------------------------------------%
#nmap source address (I added this one on my own)
add 00040 deny log all from 23.4.0.0/32 to any via tun0 in
-------------------------------------------------------------------%
UNIX && Network Admin (I'll get there)
+--------------------------------------------+
|"FreeBSD,BeOS,Linux"|"Cisco Network Academy"|
| III'@'|| CLEAR YOUR DESKTOP || '@'III |
| | -|-|| UNIX IS THE FUTURE || -|- | |
| | / \|| THE TRUST IN THE SOURCE || / \ | |
| BSD User = 050834 | Linux User = 280168 |
+--------------------------------------------+
The Power to the Serve
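
An added example, not part of the original message: a Python check of the rule list above for rules shadowed by a broader rule, special-purpose ranges left uncovered, and rules that deny space outside those ranges. The reference list is an assumption (RFC 1918 plus commonly cited special-purpose IPv4 ranges) and the function names are hypothetical.

```python
import ipaddress
import re
# Rules copied from the message above (comment lines dropped).
RULES = """
add 00009 deny log all from 0.0.0.0/8 to any via tun0 in
add 00010 deny log all from 0.0.0.0/32 to any via tun0 in
add 00011 deny log all from 10.0.0.0/8 to any via tun0 in
add 00015 deny log all from 127.0.0.0/8 to any via tun0 in
add 00020 deny log all from 172.16.0.0/12 to any via tun0 in
add 00025 deny log all from 192.168.0.0/16 to any via tun0 in
add 00026 deny log all from 192.0.2.0/24 to any via tun0 in
add 00030 deny log all from 224.0.0.0/28 to any via tun0 in
add 00031 deny log all from 233.0.0.0/8 to any via tun0 in
add 00032 deny log all from 224.0.0.0/4 to any via tun0 in
add 00033 deny log all from 217.0.0.0/8 to any via tun0 in
add 00034 deny log all from 240.0.0.0/5 to any via tun0 in
add 00035 deny log all from 248.0.0.0/5 to any via tun0 in
add 00036 deny log all from 255.255.255.255/32 to any via tun0 in
add 00040 deny log all from 23.4.0.0/32 to any via tun0 in
"""
# Assumed reference set (not from the post): well-known special-purpose ranges.
REFERENCE = [ipaddress.ip_network(c) for c in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
RULE_RE = re.compile(r"^add\s+(\d+)\s+deny\b.*?\bfrom\s+(\S+)\s+to\b")

def parse(text):
    """Return [(rule number, source network)] for each deny rule."""
    found = (RULE_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m.group(1)), ipaddress.ip_network(m.group(2), strict=False))
            for m in found if m]

def shadowed(rules):
    """Map rule number -> number of a different rule whose range contains it."""
    return {n: o for n, net in rules for o, big in rules
            if net != big and net.subnet_of(big)}

def missing(rules):
    """Reference ranges not fully covered by the merged rule set."""
    merged = list(ipaddress.collapse_addresses([net for _, net in rules]))
    return [str(r) for r in REFERENCE if not any(r.subnet_of(m) for m in merged)]

def outside_reference(rules):
    """Rule numbers that deny space outside every reference range."""
    return [n for n, net in rules if not any(net.subnet_of(r) for r in REFERENCE)]

if __name__ == "__main__":
    r = parse(RULES)
    print(shadowed(r), missing(r), outside_reference(r))
```

Rules flagged as outside the reference set deny address space that may be routable, so compare them against the current IANA registry before loading them.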