[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Attempt on smtpd / faking remote ip

Hi Ralph,

thanks for the hint.

At 23:59 Uhr +0200 04.04.2004, Ralph Paßgang wrote:
you should also filter out on any network interface but "lo".

so that spoofing with localhost-adresses is not possible anymore.

( for example:
iptables -A INPUT -s -d -i lo -o lo -p ALL -j ACCPET
iptables -A OUTPUT -s -d -i lo -o lo -p ALL -j ACCPET
iptables -A INPUT -s -d 0/0 -p ALL -j REJECT
iptables -A OUTPUT -s 0/0 -d -p ALL -j REJECT

I did it like this, but after the first line iptables said: "cannot use parameter -o with INPUT" (or something like this - I can't remember exactly).

So I left out "-o lo" at the INPUT rule, and also left out "-i lo" at the OUTPUT rule. Thne everything was fine. Now I hope that it'll do what it is supposed to.

and for the mail script you use... check your weblog for the time you saw the
misterous connections in postfix. If there was something you should see the
hits the access.log

I have had checked it before my last posting: no entries.

Thanks again,

procommerz - Internet fuer Unternehmen
http://www.procommerz.de | 033925-90710

Stoppt TCPA, das Zensursystem von Microsoft! | http://www.againsttcpa.com

Reply to: