On Sun, 9 Apr 2023 at 11:56, <louise9841@gmail.com> wrote:
>
> Hello, I am new to OpenBSD in terms of using it as a home router/firewall. I'm trying to implement the OpenBSD equivalent or similar way of doing things like I did on my Linux router. Are there any equivalent ways/programs for the following:
>
> 1. Reverse Path Filter (Like on Linux).
PF antispoof and urpf are available. "man pf.conf"
> 2. Protection against DHCP Starvation attacks.
Give the important machines static entries, if you are concerned that
hundreds or thousands of boxes/MACs will eat up all dynamic ranges.
Or use IPv6. Or perhaps 802.1x "authentication" where the MAC is the
password for RADIUS so that unknown/undesired entries get the "wrong"
network, if your switches support 802.1x.
> 3. DHCP Snooping
>
> 4. Reply-Only ARP system with features like (automatically adding ARPs for leases) that keep people from setting a static IP on the network and bypassing the queueing done by pf.
You can have dhcpd add handed-out entries to a list, which PF
can later block. "man dhcpd" for the various lists it populates.
> P.S.: If there are any ways of doing these options above, can you point me to the right documentation, as I have tried to research but couldn't find anything on these subjects listed above.
--
May the most significant bit of your life be positive.
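
A pf.conf sketch of the two PF suggestions in the reply above (reverse-path checks and dhcpd-populated tables), added here as an illustration and not part of the original message. The interface name `em1`, the table names, and the static host address are assumptions; dhcpd is assumed to be started with `-L leased_ip_table -A abandoned_ip_table`.

```conf
# /etc/pf.conf fragment (added example; names below are assumptions)
# Assumed dhcpd invocation, so that it maintains the two tables:
#   rcctl set dhcpd flags "-L leased_ip_table -A abandoned_ip_table em1"

lan_if = "em1"                          # assumed LAN interface

table <leased_ip_table>    persist      # filled by dhcpd -L, emptied on lease expiry
table <abandoned_ip_table> persist      # filled by dhcpd -A
table <static_hosts>       persist { 192.168.1.10 }   # constructed sample entry

# Item 1: reverse-path filtering.
# antispoof drops packets claiming a LAN source that arrive on another
# interface; urpf-failed drops packets whose source is not routed back
# through the interface they arrived on (avoid with asymmetric routing).
antispoof quick for $lan_if
block in quick on $lan_if inet from urpf-failed

# Item 4: only hosts with a current lease (or a listed static address)
# may send traffic through the router. Last matching rule wins.
block in quick on $lan_if inet from <abandoned_ip_table>
block in on $lan_if inet
pass  in on $lan_if inet proto udp from any port 68 to any port 67   # DHCP requests
pass  in on $lan_if inet from <leased_ip_table>
pass  in on $lan_if inet from <static_hosts>
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and inspect what dhcpd has recorded with `pfctl -t leased_ip_table -T show`.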