Thanks, I will check that.

What is default path of that UserDefined script? Or can I use full path of script, like: /var/tmp/testing.sh ?

You can use full path.

Offhand I am not sure what the default path is for this screen.

I was not managed to get it work

First, I want to test it via specific rule, so I have created new rule with Track: "Alert". My understanding is that the script located in /var/log/test.sh should be executed every time this specific rule is matched.

My settings in Global Properties:

According logs, the specific traffic is matched and I also see Alert in logs. The only problem is that it didnt activate the script.

I also tried to set Track as "UserDefined" and with this setup, the script was executed.

Is there any way how to do the same just for Alert (as in Anti-spoofing in R77.30 there are only following options available):

As far as I know both of these things should operate exactly the same.

I would open a TAC case.

Hi Valeri,

The script is working in case I choose "UserDefined" in Track option for the particular rule.

In case I want to do the same for "Alert", it will not work.

My script looks like:

My rule looks like (it will not execute script):

This rule will execute the script:

And my Alert settings looks like:

That must be true. "Run popup alert script" means the binary is under $FWDIR/bin. If it is not, it is qualified as a "User defined alert"

Create a VM with the desired address and try to ping "through" the firewall?

You'll probably have to muck with the routing/ARP tables to make it work right.

easy, configure anti-spoofing manually and exclude some parts of your network attached to this interface. Link, instead of /24 do less than that. 

Hello Jozko,

Was you able to perform this. Even I want to perform anti spoofing lab in vmware. Don't know howto do it.

No, I was not able to simulate antispoofing traffic 😕

I was able to.

Have a loom at this article i made on anti spoofing.