IP spoofing protection
I sent the following to debian-firewall, but noone reacted, so I try here.
Hai and a jolly new year,
I'm in the process of switching from pmfirewall to ipmasq. I've read
a lot, and now I'm confused:)
I thought rp_filter was supposed to prevent ip spoofing, but ipmasq
still adds rules like:
ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
ipchains -A input -j DENY -i ! eth1 -s 192.168.1.1/255.255.255.0 -l
Am I correct in assuming this is only done to get the logging?
The second point of confusion is here:
ipchains -A output -j DENY -i ! eth1 -d 192.168.1.1/255.255.255.0 -l
Is this just the routing being checked by ipchains rules? Am I correct
in assuming this would be useless on a well configured machine?