Solved How to understand antispoof?

Hello everyone,

antispoof for $ext_if

the above antispoof rule would expand to:
block drop in on ! $ext_if from 10.0.0.0/24 to any
block drop in from 10.0.0.1 to any


The first rule means blocking all traffic coming from the 10.0.0.0/24 network that does not pass in through the ext_if interface.
How to understand the meaning of this sentence?

Under what circumstances would traffic from the 10.0.0.0/24 network pass in without going through the ext_if interface?


ext_if IP 10.0.0.1/24

Thanks.
 
Code:
antispoof for $ext_if

the above antispoof rule would expand to:
Code:
block drop in on ! $ext_if from 10.0.0.0/24 to any
block drop in from 10.0.0.1 to any

Only if $ext_if has the IP 10.0.0.1/24. Which means the 10.0.0.0/24 network is directly attached to it. Traffic coming in on any other interface should never have a 10.0.0.0/24 source address. The only way that would happen is when something is configured really badly (network loops for example) or if somebody is actively spoofing IP addresses. Either situation is bad.
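As an added example (not code from the thread or from pf itself), the script below rebuilds the expansion quoted above from the interface address 10.0.0.1/24 and then applies the two resulting rules to a few constructed packets, so you can see which (interface, source address) combinations rule 1 and rule 2 each catch; the interface name em0 is an assumption, the thread only uses $ext_if.

```shell
#!/bin/sh
# Added example: rebuild the expansion of "antispoof for $ext_if" from the
# interface's address and prefix length, then apply the two resulting rules
# to sample packets.

ext_if=em0          # assumed interface name (the thread only says $ext_if)
ext_ip=10.0.0.1     # address from the thread
ext_prefix=24

ip_to_int() {
    # dotted quad -> 32-bit integer
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

network_of() {
    # $1=address $2=prefix length -> network address as a dotted quad
    n=$(ip_to_int "$1")
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    net=$(( n & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))"
}

antispoof_expand() {
    # $1=interface $2=address $3=prefix -> the two rules pf generates
    net=$(network_of "$2" "$3")
    printf 'block drop in on ! %s from %s/%s to any\n' "$1" "$net" "$3"
    printf 'block drop in from %s to any\n' "$2"
}

antispoof_verdict() {
    # $1=ingress interface $2=source address -> "block" or "pass",
    # applying the two expanded rules to the packet
    src_net=$(network_of "$2" "$ext_prefix")
    ext_net=$(network_of "$ext_ip" "$ext_prefix")
    if [ "$src_net" = "$ext_net" ] && [ "$1" != "$ext_if" ]; then
        echo block      # rule 1: our own subnet arriving on another interface
    elif [ "$2" = "$ext_ip" ]; then
        echo block      # rule 2: our own address as source, on any interface
    else
        echo pass       # neither antispoof rule matches
    fi
}

antispoof_expand "$ext_if" "$ext_ip" "$ext_prefix"
# constructed sample packets: "ingress-interface source-address"
for pkt in "em0 10.0.0.5" "em1 10.0.0.5" "em1 10.0.0.1" "em1 192.168.1.7"; do
    set -- $pkt
    printf '%-4s %-12s -> %s\n' "$1" "$2" "$(antispoof_verdict "$1" "$2")"
done
```

Rule 2 also matches packets from 10.0.0.1 that loop back through lo0, which is why pf.conf examples pair antispoof with `set skip on lo0`.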
 
Thank you.

Hard to understand "! $ext_if", "that does not pass in through the ext_if interface".
 