# pf and antispoof rule



## sniper007 (Feb 19, 2010)

Hi!

Does it make sense to create *antispoof *rule on external device ng0 which is connect to internet (through PPPoE) ?


----------



## DutchDaemon (Feb 19, 2010)

Any interface with an IP on it can use antispoof.


----------



## honk (Feb 23, 2010)

I use only RFC1918 addresses in my internal network. Most people say that this can't be reached from the internet as it is not routed. But this is not the case with my ISP. They use RFC1918 also in their ISP backbone and theoretical could access my box. Therefore antispoofing makes sense. Of course this could not happen with a strict ruleset... But I don't see any reason to omit antispoofing if it is possible from the network layout.


----------

