Anti-spoofing rules on the bridge interface



  • Hi all,

    As jimp said in an old post, i've got this :

    "
    On 2.0 you'd actually want to have WAN and LAN without an IP, and have the bridge interface assigned and have
    your "WAN" IP be assigned directly to the bridge interface.
    "

    OK, it's work great !!
    But now i would like to continue with good practices.
    I understand that the rules must be put on the bridge interface.

    For many rules it's ok but what about this one for example :
    block internal addresses appearing from the outside (anti-spoofing rules)
    ??? How to do that ???

    please help.