Opened 3 weeks ago

Last modified 2 weeks ago

#5915 new

implementing BCP38 by default

Reported by: realdreams
Owned by:
Keywords: BCP38, firewall, MANRS
Cc:

Description

In the forward chain, replace the lan2wan line with -i br0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT to drop spoofed sources by default. So a lan2wan packet is either NATed or dropped. No packet should come out of the WAN interface without the WAN interface IP.
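
As an added example that is not part of the ticket or the firmware's own code, the following shell functions derive the LAN prefix from the router's LAN address and netmask and print the source-restricted FORWARD rule the description proposes, so the prefix is not hard-coded. The function names, the explicit trailing DROP rule, and appending directly to FORWARD instead of editing the firmware's lan2wan rule are assumptions; br0, ppp0 and 192.168.0.0/24 come from the ticket.

```shell
#!/bin/sh
# Added example. br0, ppp0 and 192.168.0.x come from the ticket; function
# names and the explicit DROP rule are assumptions, not the firmware's code.

ip_to_int() {                       # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric and zero-padded octets (would parse as octal)
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                       # 32-bit integer -> A.B.C.D
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

mask_to_prefix() {                  # 255.255.255.0 -> 24
    m=$(ip_to_int "$1") || return 1
    n=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do   # count leading one bits
        n=$(( n + 1 ))
        m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    # leftover bits mean a non-contiguous mask; /0 would match every source
    [ "$m" -eq 0 ] && [ "$n" -gt 0 ] || return 1
    echo "$n"
}

lan_cidr() {                        # LAN_IP NETMASK -> network/prefix
    ip=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    echo "$(int_to_ip $(( ip & mask )))/$prefix"
}

bcp38_rules() {                     # LAN_IF WAN_IF LAN_IP NETMASK
    net=$(lan_cidr "$3" "$4") || { echo "bad LAN address or netmask" >&2; return 1; }
    # Only packets sourced from the LAN prefix may be forwarded out the WAN.
    echo "iptables -A FORWARD -i $1 -o $2 -s $net -j ACCEPT"
    # Assumption: drop the rest explicitly instead of relying on chain policy.
    echo "iptables -A FORWARD -i $1 -o $2 -j DROP"
}

# Print the rules for review; nothing is applied to the running firewall.
bcp38_rules br0 ppp0 192.168.0.1 255.255.255.0
```
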

Change History (1)

comment:1 Changed 2 weeks ago by jeremywh7

Keywords: MANRS added

Or maybe at least have this as an option under Security -> Firewall?

Also interesting, which includes BCP38: http://www.routingmanifesto.org/manrs/
