
Re: where it can be appended ..



On Mon, 12 May 2003, Kiryanov Vasiliy wrote:

> I wrote a little script that prevents basic cracking through PPP
> (when you use the dial-up method to use the Internet) by blocking packets
> that have:
> 1) your source IP

That should be one line.

> 2) loopback source IP

Also, one line.

> 3) class A, B, C network source IP

You do not want to be doing this, if what you're doing is what I think
you're doing.  Classless addressing has been around for many years, and
should be respected.

> 4) class D, multicast source IP

Dunno multicast, but it may be a bad idea and/or a one-liner.

> 5) class E, reserved source IP

AFAICR, there are no truly "reserved" IP blocks, unless you count the
RFC1918 blocks.  That's not a bad idea to block them, although your ISP
should be null-routing those anyway.

> 6) your ISP's address block, without the peer through which you work

I'm not sure what it is you're blocking with this one.  Care to explain
further?

> QUESTION: 
> I was thinking of sending that script to Michael Beattie, who maintains the ppp package,
> but the script is too trivial and needs the iptables package and kernel iptables
> support.

Yup.  No need to bloat ppp with more dependencies.

> For a new package I think it is too SMALL and too EASY.

Not necessarily, but I certainly think it needs more work.

> What do you think, can that script be good for anything?

Either try and get it integrated with one of the myriad of existing firewall
scripts (or all of them), or put up a webpage describing what they do and
how to use them.


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16
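Added example, not part of the message above and not the script the thread discusses: the ingress filter described in items 1, 2, 4 and 5 of the quoted list, written as a handful of iptables rules on the PPP interface (each item really is one rule, as the reply says). The interface name, the local address, the /etc/ppp/ip-up hook that would supply them, and the sample address 203.0.113.7 are assumptions made for the example. Classes A, B and C are left out on purpose, for the reason given in the reply.

```sh
#!/bin/sh
# Added example, not the script from the thread: ingress anti-spoofing
# rules for a dial-up PPP interface. Assumptions: iptables with the
# filter table is available, the interface name and its local address
# are passed in by the caller (an /etc/ppp/ip-up script gets them as
# $1 and $4), and IPT may be pointed at "echo" to preview the rules
# instead of applying them.
IPT="${IPT:-iptables}"

# Source prefixes that must never arrive from the Internet side of a
# dial-up link: loopback, the RFC 1918 blocks, multicast (224/4) and the
# old class E space (240/4). Whole classes A, B and C are deliberately
# absent: together they are all of unicast, so dropping them would drop
# every legitimate packet.
bogon_sources() {
    printf '%s\n' 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 \
        192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
}

# antispoof DEV LOCAL_IP
# Drops inbound packets on DEV whose source is our own address or any
# bogon prefix. The first rule is the "your source IP" check from the
# quoted list; the loop adds one rule per prefix.
antispoof() {
    dev="$1"; me="$2"
    "$IPT" -A INPUT -i "$dev" -s "$me" -j DROP
    for net in $(bogon_sources); do
        "$IPT" -A INPUT -i "$dev" -s "$net" -j DROP
    done
}

# Number of rules antispoof would install, computed in a subshell with
# IPT=echo so nothing is applied; handy as a sanity check.
antispoof_rule_count() {
    (IPT=echo; antispoof "$1" "$2") | wc -l | tr -d ' '
}

# Apply only when run with the two arguments, e.g. from ip-up:
#   antispoof.sh ppp0 203.0.113.7    (203.0.113.7 is a made-up address)
if [ "$#" -eq 2 ]; then
    antispoof "$1" "$2"
fi
```

Run it with `IPT=echo` first to see the seven rules it would add; the matching-source check is all the kernel does here, so a rule like this costs nothing per packet and belongs at the top of the INPUT chain for the dial-up device, which is what hooking it from ip-up gives you.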