svn commit: r253597 - head/sbin/ipfw
Stefan Esser
se at FreeBSD.org
Wed Jul 24 08:36:30 UTC 2013
Author: se
Date: Wed Jul 24 08:36:29 2013
New Revision: 253597
URL: http://svnweb.freebsd.org/changeset/base/253597
Log:
Remove duplicated parapgraph.
MFC after: 3 days
Modified:
head/sbin/ipfw/ipfw.8
Modified: head/sbin/ipfw/ipfw.8
==============================================================================
--- head/sbin/ipfw/ipfw.8 Wed Jul 24 08:02:56 2013 (r253596)
+++ head/sbin/ipfw/ipfw.8 Wed Jul 24 08:36:29 2013 (r253597)
@@ -3049,16 +3049,6 @@ option could be used to (re)mark user tr
by adding the following to the appropriate place in ruleset:
.Pp
.Dl "ipfw add setdscp be ip from any to any dscp af11,af21"
-.Pp
-This rule drops all incoming packets that appear to be coming from another
-directly connected system but on the wrong interface.
-For example, a packet with a source address of
-.Li 192.168.0.0/24 ,
-configured on
-.Li fxp0 ,
-but coming in on
-.Li fxp1
-would be dropped.
.Ss DYNAMIC RULES
In order to protect a site from flood attacks involving fake
TCP packets, it is safer to use dynamic rules:
More information about the svn-src-head
mailing list