Opened 3 weeks ago

Last modified 2 weeks ago

#5915 new

implementing BCP38 by default

Reported by: realdreams
Owned by:
Keywords: BCP38, firewall, MANRS
Cc:


In the forward chain, replace the lan2wan line with -i br0 -o ppp0 -s -j ACCEPT to drop spoofed sources by default. So a lan2wan packet is either NATed or dropped. No packet should come out of the WAN interface without the WAN interface IP.
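
One way to check a saved ruleset for the behaviour requested above, added here as an example and not part of the ticket or the project's code: it flags every LAN-to-WAN ACCEPT rule in the FORWARD chain whose source match is missing or wider than the LAN. The interface names br0 and ppp0 come from the ticket; the 192.168.1.0/24 LAN subnet and the sample ruleset are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not output from a real router).
SAMPLE_RULES = """\
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o ppp0 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i br0 -o ppp0 -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -i br0 -o ppp0 -j ACCEPT
-A FORWARD -j DROP
COMMIT
"""

def parse_forward_rule(line):
    """Return the matched options of a '-A FORWARD' line, else None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "FORWARD"]:
        return None
    rule = {"-i": None, "-o": None, "-s": None, "-j": None, "neg_src": False}
    for n, t in enumerate(tok[:-1]):
        if t in rule:
            rule[t] = tok[n + 1]
            if t == "-s" and tok[n - 1] == "!":
                rule["neg_src"] = True  # "! -s net" matches everything but net
    return rule

def audit_bcp38(ruleset, lan_if, wan_if, lan_net):
    """List (line number, reason) for explicit LAN->WAN ACCEPT rules that
    would forward packets whose source lies outside lan_net."""
    lan = ipaddress.ip_network(lan_net)
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        rule = parse_forward_rule(line)
        if not rule or rule["-j"] != "ACCEPT":
            continue
        if rule["-i"] != lan_if or rule["-o"] != wan_if:
            continue  # only explicit LAN->WAN rules are examined
        if rule["-s"] is None:
            findings.append((lineno, "no source match"))
        elif rule["neg_src"]:
            findings.append((lineno, "negated source match"))
        elif not ipaddress.ip_network(rule["-s"], strict=False).subnet_of(lan):
            findings.append((lineno, "source wider than LAN"))
    return findings

if __name__ == "__main__":
    for lineno, reason in audit_bcp38(SAMPLE_RULES, "br0", "ppp0", "192.168.1.0/24"):
        print("line %d: %s" % (lineno, reason))
```

The check does not model rule order or jumps into user-defined chains, so a clean result only covers explicit FORWARD rules.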

Change History (1)

comment:1 Changed 2 weeks ago by jeremywh7

Keywords: MANRS added

Or maybe at least have this as an option under Security -> Firewall?

Also interesting, which includes BCP38:
