Community discussions

MikroTik App
 
netmk
just joined
Topic Author
Posts: 6
Joined: Mon Aug 31, 2020 9:31 pm

RP Filter - Strict and Loose

Mon Sep 13, 2021 5:45 pm

I have a question about Mikrotik's antispoofing method, I didn't find my question on the forum.

uRPF has two basic modes Strict and Loose. In other manufacturers I can apply the uRPF specifically on a router interface, in Mikrotik it is not possible, am I correct?

Scenario: I have a PPPoE Hub (Specific role of PPPoE Server).
In the route table I only have /32 routes from PPPoE users, Default Route and some private routes received by OSPF.

Question: If I apply Loose/Strict mode globally, real packets coming from the internet will be blocked, correct?
Because, when a packet comes from the internet, the source IP will not be in the route table.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: RP Filter - Strict and Loose

Mon Sep 13, 2021 7:27 pm

The packet are blocked if, coming from WAN, have one of the internal IP,
like is impossible to be real a packet coming from wan side with a source 192.168.10.22,
if you have 192.168.10.0/24 used on internal LAN,
and is blocked.
Any other type of source IP are not blocked.

(This is valid also on public IP)

If is selected strict, is checked also if the best exit route for an IP is the same interface where coming in,
if not is dropped.

loose is valid for all use cases,
strict only on specific cases.

Who is online

Users browsing this forum: No registered users and 15 guests