Re: PROPOSAL: simple masquerading and filtering firewall setup
At 07:13 -0700 1998-07-27, Raul Miller wrote:
>netbase already has some "don't spoof my addresses when talking to me"
>rules, but last time I checked it just protects 127.0.0.1, and has
>commented out rules that would use `hostname -i` to protect the primary
>interface address.
Note that for 2.1 kernels (which will be in 2.2), IP spoofing protection is
automagically enabled by /etc/init.d/netbase for every interface.

    # This is the best method: turn on Source Address Verification and get
    # spoof protection on all current and future interfaces.
    if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
        echo -n "Setting up IP spoofing protection..."
        # Enable the filter on every interface directory, including
        # "all" and "default".
        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
            echo 1 > "$f"
        done
        echo "done."
    fi

--
Joel "Espy" Klecker Debian GNU/Linux Developer <mailto:jk@espy.org>
<http://www.espy.org/> <ftp://ftp.espy.org/pub/>
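
An added example, not part of the original message or of netbase: a shell check that reports which interfaces actually end up with strict source address verification. It goes beyond the 2.1-era snippet by assuming the behaviour of current kernels, where the effective setting is the larger of conf/all and the per-interface value and 2 means loose mode; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit rp_filter settings.

# rp_filter_audit [CONF_DIR]
#   Prints "<iface> own=<n> effective=<n> <STATUS>" for each interface and
#   returns 0 only when every interface ends up in strict mode (1).
rp_filter_audit() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all_val=0
    [ -r "$conf_dir/all/rp_filter" ] && read -r all_val < "$conf_dir/all/rp_filter"
    weak=0
    for f in "$conf_dir"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not real interfaces.
        case $iface in all|default) continue ;; esac
        own=0
        read -r own < "$f"
        # Assumption (current kernels): the larger of all/ and the
        # interface's own value is what the kernel applies.
        eff=$own
        [ "$all_val" -gt "$eff" ] && eff=$all_val
        case $eff in
            1) status=STRICT ;;
            2) status=LOOSE; weak=$((weak + 1)) ;;
            *) status=OFF; weak=$((weak + 1)) ;;
        esac
        echo "$iface own=$own effective=$eff $status"
    done
    [ "$weak" -eq 0 ]
}

# Constructed sample tree: ppp0 came up with filtering switched off.
build_sample_conf() {
    for pair in all:0 default:1 lo:1 eth0:1 ppp0:0; do
        mkdir -p "$1/${pair%%:*}"
        echo "${pair##*:}" > "$1/${pair%%:*}/rp_filter"
    done
}

demo=$(mktemp -d)
build_sample_conf "$demo"
rp_filter_audit "$demo" || echo "at least one interface lacks strict filtering"
rm -rf "$demo"
```

Run with no argument, rp_filter_audit reads the live /proc/sys/net/ipv4/conf tree.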