Re: Protecting against spoofing with IPTABLES

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Protecting against spoofing with IPTABLES
From: Jon Dowland <dowland@gmail.com>
Date: Thu, 30 Jun 2005 14:19:40 +0100
Message-id: <[🔎] efb06668050630061939b1dcb0@mail.gmail.com>
Reply-to: Jon Dowland <dowland@gmail.com>
In-reply-to: <[🔎] 42C340F7.4040303@networker.co.nz>
References: <[🔎] 42C340F7.4040303@networker.co.nz>

On 6/30/05, Simon <dev@networker.co.nz> wrote:

> iptables -F
> iptables -A INPUT -i lo -j ACCEPT
> iptables -N SPOOF
> iptables -A SPOOF -i eth1 -j SPOOF

I think that's wrong. You're appending a rule to the SPOOF table which
specifies that all packets from eth1 are to be jumped to the SPOOF
chain.. that's an infinite loop.

However in that fragment you don't specify any way of getting into the
SPOOF table so nothing will happen.

Default policy for INPUT,FORWARD and OUTPUT are ACCEPT, so the four
rules above result in nothing.

-- 
Jon Dowland
http://jon.dowland.name/

Reply to:

References:
- Protecting against spoofing with IPTABLES
  - From: Simon <dev@networker.co.nz>

Prev by Date: Re: Now you see it, now you don't--the tale of the disappearing mouse...
Next by Date: two basic "new to Debian" questions: network config & RMS
Previous by thread: Protecting against spoofing with IPTABLES
Next by thread: MySQL setup cloning?
Index(es):
- Date
- Thread