BCP (Best Common Practice) 38 concerns IP address spoofing and is recommended by everyone including FreeBSD. PF has the antiproof keyword. I have three questions:
Is PF antispoof an adequate implementation of BCP38?
Should antispoof be run on all interfaces apart from loopback ?
If an interface is using DHCP and loses its IP address, antispoof will likely drop all packets. Are there any unintended consequences to this after reconnection?
Thanks for any feedback.
Is PF antispoof an adequate implementation of BCP38?
Should antispoof be run on all interfaces apart from loopback ?
If an interface is using DHCP and loses its IP address, antispoof will likely drop all packets. Are there any unintended consequences to this after reconnection?
Thanks for any feedback.