The pf FAQ says that uRPF provides the same functionality as antispoof rules (http://www.openbsd.org/faq/pf/filter.html). Could anyone point out the difference (if there is any) between these two?
To me it looks like antispoof is simply a shortcut to the two rules to which it expands. It's limited to only checking IP addresses that are local to an interface based on the IP address and netmask assigned to it.
uRPF performs a routing table lookup. This would allow PF to permit traffic from IP addresses local to the machine's interfaces (as with antispoof) and from IP addresses with a nexthop in the routing table.
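The difference described in the answer above, written out as a pf.conf fragment. This is an added example, not part of the original thread; the interface name em1, its address 10.0.0.1/24, and the routed network 192.168.50.0/24 are assumptions chosen for illustration.

```conf
# Assumed setup (constructed for this example):
#   em1 = internal interface, 10.0.0.1/24
#   routing table holds 192.168.50.0/24 via a next hop reached through em1

# --- Option A: antispoof ---
antispoof quick for em1 inet
# pf expands the line above into two rules (visible with: pfctl -sr):
#   block drop in quick on ! em1 inet from 10.0.0.0/24 to any
#   block drop in quick inet from 10.0.0.1 to any
# Coverage is limited to em1's own subnet and address. A packet claiming
# source 192.168.50.7 that arrives on some other interface matches neither
# rule, even though the route back to that source points out em1.

# --- Option B: uRPF ---
block in quick from urpf-failed label uRPF
# urpf-failed matches when the packet arrived on an interface other than
# the one holding the route back to its source address. This covers the
# directly connected 10.0.0.0/24 case and the routed 192.168.50.0/24 case.

# Caveats for the uRPF form:
#  - With asymmetric routing, legitimate packets arrive on an interface
#    that does not hold the return route and are dropped by this rule.
#  - On the interface that holds the default route, any source without a
#    more specific route elsewhere passes the check, so uRPF filters
#    little there.
```

The label on the uRPF rule lets `pfctl -sl` show how many packets it has dropped, which is a quick way to see whether the rule is catching spoofed traffic or legitimate asymmetric flows.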