
Re: iptables and INVALID packet filtering.


My intentions are very simple. Firstly, I would like to
drop all INVALID packets - for INPUT and OUTPUT chains.
That's the reason why I've asked, which rule is better to use.

I would like to create pretty good protection for a typical
computer - without any services etc. For now, it is only
for testing purposes.  In the future, this computer will be
used for more ambitious things.

What are my intentions according to antispoof? Hmm... simple -
block spoofing? Of course, I can do it with e.g. rp_filter, right
(I mean /proc/sys/net/ipv4/*/rp_filter settings)?

So, when it comes to these two questions; INVALID and spoofing -
according to you, which solution is best, good? Frankly, you already
answered the question about INVALID packet filtering and
that the first rule is okay. So what about antispoof?

My knowledge of iptables is not good, but I started to use iptables
a couple of weeks ago. Previously, I've used an OpenBSD firewall
so-called pf.
