Re: Interface Envy

To: Michael Wood <wood@kingsley.co.za>
Cc: debian-firewall@lists.debian.org
Subject: Re: Interface Envy
From: Roland Gerlach <roland@rkga.com.au>
Date: 26 Jan 2000 22:43:16 +1100
Message-id: <[🔎] 861z75f48b.fsf@copernicus.rkga.com.au>
In-reply-to: Michael Wood's message of "Wed, 26 Jan 2000 13:09:07 +0200"
References: <[🔎] 20000125083204.C21296@wookimus.net> <[🔎] 86zott3io7.fsf@someotherplace.org> <[🔎] 388E244C.CFF2524F@burgettsys.com> <[🔎] 86r9f537tq.fsf@someotherplace.org> <[🔎] 20000126082400.A10120@lion.kingsley.co.za> <[🔎] 20000126082133.A592@fam-meskes.de> <[🔎] 20000126130907.A6576@lion.kingsley.co.za>

Hey, don't the newer kernels have builtin spoof protection.

>From http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO-5.html#ss5.7

# This is the best method: turn on Source Address Verification and get
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
  echo -n "Setting up IP spoofing protection..."
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $f
  done
  echo "done."
else
  echo PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED.


Cheers,
Roland.
-- 
Tell me and I'll forget; show me and I may remember;
involve me and I'll understand - Chinese Proverb.

Reply to:

References:
- Interface Envy
  - From: ^chewie <chewie@wookimus.net>
- Re: Interface Envy
  - From: David Coe <david.coe@someotherplace.org>
- Re: Interface Envy
  - From: Wade Burgett <wadeb@burgettsys.com>
- Re: Interface Envy
  - From: David Coe <david.coe@someotherplace.org>
- Re: Interface Envy
  - From: Michael Wood <wood@kingsley.co.za>
- Re: Interface Envy
  - From: Michael Meskes <meskes@debian.org>
- Re: Interface Envy
  - From: Michael Wood <wood@kingsley.co.za>

Prev by Date: Re: Interface Envy
Next by Date: ftp forwarding
Previous by thread: Re: Interface Envy
Next by thread: Re: Interface Envy
Index(es):
- Date
- Thread