diff options
| author | Stefan Eßer <se@FreeBSD.org> | 2013-07-24 08:36:29 +0000 |
|---|---|---|
| committer | Stefan Eßer <se@FreeBSD.org> | 2013-07-24 08:36:29 +0000 |
| commit | 8310a2b88c07b59c0160f899fa8e62eddcc7c04b (patch) | |
| tree | 33da6350ae8c82a6f5c43a48feaab17cfaa27de9 /sbin/ipfw | |
| parent | 9e3cc17647c664c1ed2b173886ba0925d709bcf0 (diff) | |
| download | src-8310a2b88c07b59c0160f899fa8e62eddcc7c04b.tar.gz src-8310a2b88c07b59c0160f899fa8e62eddcc7c04b.zip | |
Remove duplicated parapgraph.
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=253597
Diffstat (limited to 'sbin/ipfw')
| -rw-r--r-- | sbin/ipfw/ipfw.8 | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 2047385d5317..65fa33499b99 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -3049,16 +3049,6 @@ option could be used to (re)mark user traffic, by adding the following to the appropriate place in ruleset: .Pp .Dl "ipfw add setdscp be ip from any to any dscp af11,af21" -.Pp -This rule drops all incoming packets that appear to be coming from another -directly connected system but on the wrong interface. -For example, a packet with a source address of -.Li 192.168.0.0/24 , -configured on -.Li fxp0 , -but coming in on -.Li fxp1 -would be dropped. .Ss DYNAMIC RULES In order to protect a site from flood attacks involving fake TCP packets, it is safer to use dynamic rules: |