* Stefan Srdic (linuxbox@telusplanet.net) [010718 18:50]:
> I'm running Woody with kernel 2.4.6 at home. I'm using IPTables to
> Masquerade the internet to my internal network and to protect my Linux
> hosts from possible scan or crack attempts.
>
> So far, I've found my Netfilter script to work very well. However, I
> have noticed a *few* minor problems with it.
>
> I use a simple IP spoof line which drops datagrams that are pretending to
> originate from my host. Since my external interface is configured via
> DHCP I use the following operation of determining my IP.
>
> IPADDR="`/sbin/pump --status | /bin/grep IP: | /bin/sed -e 's/.*IP: //'`"
>
> I later call that operation in a rule to prevent IP Spoofing.
>
> iptables -A INPUT --source $IPADDR -i $EXTIFACE -j DROP
>
> This works, but only once. When I flush all rules, and then delete all
> user defined chains, and then re-run my NetFilter script I always get
> an "Operation failed" message from the kernel.

From the kernel? What does the message really say? IIRC pump sometimes
reports "Operation failed" -- can you diagnose more precisely where the
message originates from? Does it show up in a log? (which one?) or on the
console?

Vineet
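One thing worth guarding against in a script like the one quoted above is $IPADDR ending up empty or malformed (for instance when pump prints nothing usable), because the anti-spoof rule is then built from a bad value. The following is an added example, not code from either poster: it parses a constructed pump-style status block, validates the address as a dotted quad, and only then emits the rule; the sample output, the 203.0.113.x addresses and the eth0 interface name are all made up.

```shell
#!/bin/sh
# Constructed sample of what `pump --status` prints; every value is made up.
SAMPLE_PUMP_STATUS='Device eth0
        IP: 203.0.113.7
        Netmask: 255.255.255.0
        Broadcast: 203.0.113.255
        Gateway: 203.0.113.1
        Nameservers: 203.0.113.2'

# extract_ip: print the first "IP:" value found on stdin, nothing if absent.
extract_ip() {
    sed -n 's/^[[:space:]]*IP:[[:space:]]*\([0-9.][0-9.]*\).*/\1/p' | head -n 1
}

# valid_ipv4: succeed only if $1 is four decimal octets, each 0..255.
# Runs in a subshell so the IFS change does not leak into the caller.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# antispoof_rule: print the INPUT rule for address $1 on interface $2,
# or fail without printing anything when the address is not usable.
antispoof_rule() {
    valid_ipv4 "$1" || return 1
    printf 'iptables -A INPUT --source %s -i %s -j DROP\n' "$1" "$2"
}

# Typical use: abort rather than load a ruleset with a broken spoof filter.
IPADDR=$(printf '%s\n' "$SAMPLE_PUMP_STATUS" | extract_ip)
antispoof_rule "$IPADDR" eth0 || { echo "no usable external address" >&2; exit 1; }
```

In a real script the printed command would be executed (or the check placed right before the real iptables call) instead of echoed.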