pf firewall - antispoof rules vs. uRPF

To me it looks like antispoof is simply a shortcut to the two rules to which it expands. It's limited to only checking IP addresses that are local to an interface based on the IP address and netmask assigned to it.

uRPF performs a routing table lookup. This would allow PF to permit traffic from IP addresses local to the machine's interfaces (as with antispoof) and from IP addresses with a nexthop in the routing table.
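A simplified model of the two checks, added here as an illustration; it is not code from the post or from pf. The interface names, addresses and routes are constructed, and the uRPF test follows the pf.conf(5) definition of `urpf-failed`: the packet arrived on an interface other than the one holding the route back to its source.

```python
import ipaddress

# Constructed sample host: two interfaces and a small routing table.
INTERFACES = {
    "em0": ipaddress.ip_interface("203.0.113.2/30"),  # uplink
    "em1": ipaddress.ip_interface("10.0.0.1/24"),     # LAN
}
ROUTES = [  # (destination prefix, interface holding the route)
    (ipaddress.ip_network("203.0.113.0/30"), "em0"),
    (ipaddress.ip_network("10.0.0.0/24"), "em1"),
    (ipaddress.ip_network("10.0.5.0/24"), "em1"),  # behind a router on the LAN
    (ipaddress.ip_network("0.0.0.0/0"), "em0"),
]

def antispoof_blocks(src, in_if, protected=("em1",)):
    """Model of the two rules that 'antispoof for <if>' expands to."""
    src = ipaddress.ip_address(src)
    for name in protected:
        iface = INTERFACES[name]
        # block drop in on ! <if> from <if's network> to any
        if in_if != name and src in iface.network:
            return True
        # block drop in from <if's own address> to any
        if src == iface.ip:
            return True
    return False

def urpf_blocks(src, in_if):
    """Model of 'block in from urpf-failed' using a longest-prefix lookup."""
    src = ipaddress.ip_address(src)
    matches = [(net, ifn) for net, ifn in ROUTES if src in net]
    if not matches:
        return True  # no route back to the source at all
    _, route_if = max(matches, key=lambda m: m[0].prefixlen)
    return route_if != in_if  # route back must use the arrival interface

def compare(packets):
    """Return {(src, in_if): (antispoof_blocks, urpf_blocks)}."""
    return {p: (antispoof_blocks(*p), urpf_blocks(*p)) for p in packets}

if __name__ == "__main__":
    sample = [("10.0.0.50", "em0"), ("10.0.5.9", "em0"),
              ("10.0.5.9", "em1"), ("198.51.100.7", "em0")]
    for pkt, verdict in compare(sample).items():
        print(pkt, "antispoof=%s urpf=%s" % verdict)
```

The packet from 10.0.5.9 arriving on em0 is the case that separates the two: antispoof only knows the network directly attached to em1, while the routing lookup also covers the routed 10.0.5.0/24 prefix behind it.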
 