2011-12-02 01:34:36 +00:00
|
|
|
<filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>
|
2012-01-17 17:47:41 +00:00
|
|
|
<!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later -->
|
|
|
|
<rule action='return' direction='out' priority='100'>
|
|
|
|
<ip srcipaddr='0.0.0.0' protocol='udp'/>
|
2011-12-02 01:34:36 +00:00
|
|
|
</rule>
|
2010-03-25 17:46:13 +00:00
|
|
|
|
2011-12-02 01:34:36 +00:00
|
|
|
<!-- allow all known IP addresses -->
|
|
|
|
<rule direction='out' action='return' priority='500'>
|
|
|
|
<ip srcipaddr='$IP'/>
|
|
|
|
</rule>
|
|
|
|
|
|
|
|
<!-- drop everything else -->
|
|
|
|
<rule direction='out' action='drop' priority='1000'/>
|
2010-03-25 17:46:13 +00:00
|
|
|
</filter>
|