Anti-Spoofing and This Net

What exactly does this option mean?

Answer: All FireWall-1 uses for "This Net" is the interface's IP and netmask.
In NG, "This Net" is properly described in the GUI in this manner. For example, if your interface is defined with 172.16.0.10 as the IP and 255.255.255.0 as the subnet mask, and you have "This Net" checked in your anti-spoofing settings, the only source addresses considered valid on that interface will be 172.16.0.1 through 172.16.0.255 (the 172.16.0.0/24 network).
If you have other networks off an interface of the firewall (e.g. behind routers), you will need to use the "Specific" option in anti-spoofing. Create a group that contains all the networks reachable from that interface.
--
RobertGraham - 23 Feb 2004
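
The following is an added example, not part of the original FAQ and not FireWall-1 code: a small Python model of the check described above, showing which networks behind routers "This Net" would miss and what the "Specific" group needs to contain. The interface values come from the FAQ; the routed networks, source addresses and function names are assumptions made for illustration.

```python
import ipaddress

def this_net(interface_ip, netmask):
    """Network "This Net" accepts: derived only from the interface IP and netmask."""
    return ipaddress.ip_interface(f"{interface_ip}/{netmask}").network

def specific_group(interface_ip, netmask, routed_networks):
    """Group for "Specific": the local network plus every network behind routers."""
    nets = [this_net(interface_ip, netmask)]
    nets += [ipaddress.ip_network(n) for n in routed_networks]
    return list(ipaddress.collapse_addresses(nets))  # merge adjacent/overlapping nets

def uncovered_by_this_net(interface_ip, netmask, routed_networks):
    """Routed networks whose traffic "This Net" would reject as spoofed."""
    local = this_net(interface_ip, netmask)
    nets = (ipaddress.ip_network(n) for n in routed_networks)
    return [n for n in nets if not n.subnet_of(local)]

def source_is_valid(src, allowed_networks):
    """True if a packet's source address falls inside an allowed network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed_networks)

# Interface values from the FAQ; the routed networks and sources are constructed.
IFACE_IP, IFACE_MASK = "172.16.0.10", "255.255.255.0"
ROUTED = ["172.16.1.0/24", "172.16.5.0/24"]
SOURCES = ["172.16.0.77", "172.16.5.20", "10.1.1.1"]

if __name__ == "__main__":
    local = [this_net(IFACE_IP, IFACE_MASK)]
    group = specific_group(IFACE_IP, IFACE_MASK, ROUTED)
    print("This Net :", local[0])
    print("Specific :", ", ".join(map(str, group)))
    print("Missed by This Net:", uncovered_by_this_net(IFACE_IP, IFACE_MASK, ROUTED))
    for src in SOURCES:
        print(f"{src:<12} this_net={source_is_valid(src, local)} "
              f"specific={source_is_valid(src, group)}")
```

Any network listed as missed is one whose legitimate traffic would be dropped under "This Net", so it belongs in the group used with "Specific".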