On 2002/12/15 07:15:25PM -0800, Sun, Torrin wrote:
> I changed the subject and started a new thread here. Anyway . . .
>
> >>> # Drop spoofed packets
> >>> iptables -A INPUT -i eth0 -j DROP -s 192.168.1.3 -d 0.0.0.0/0
>
> > What about outgoing spoofed packets? They didn't get dropped in this
> > script at all. It's only a selfish half-hearted firewall if all it does
> > is to protect yourself against incoming nasties; there's always a
> > responsibility not to inflict dodgy packets on others, as much as
> > possible.
>
> OK, but how do you tell if a packet is spoofed going out? I can tell
> coming in by looking at the source address and the interface.

####
# Packets leaving this server
####

# connections to lo: only the loopback address may leave via the loopback interface
$iptables -A OUTPUT -p ALL -o $lo_iface -s $lo_ip -j ACCEPT

# allow the rest: only our own address may leave via the external interface
$iptables -A OUTPUT -p ALL -o $eth_iface -s $eth_ip -j ACCEPT

# log the rest (LOG does not terminate the chain; a packet that reaches these
# rules carries a source address that is not ours and falls through to the
# OUTPUT chain's default policy, so that policy has to be DROP for it to be discarded)
$iptables -A OUTPUT -m limit --limit $log_limit --limit-burst $log_limit_burst -p tcp -j LOG --log-prefix "output tcp:"
$iptables -A OUTPUT -m limit --limit $log_limit --limit-burst $log_limit_burst -p udp -j LOG --log-prefix "output udp:"

I believe this should get it, not that I have gotten around to spoofing anything to verify that it does drop it...
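As an added example (not code from the original post or from its author), the following script models how netfilter walks the OUTPUT chain and runs the posted egress rules over constructed packets, so the "does it actually drop a spoofed packet" question can be answered without a spoofing tool. The interface names and addresses (lo/127.0.0.1, eth0/192.168.1.2) are assumed stand-ins for the post's $lo_iface, $lo_ip, $eth_iface and $eth_ip variables, and the three packets are constructed. It goes slightly beyond the post by also evaluating a variant with an explicit trailing DROP, to show which outcomes depend on the chain's default policy.

```python
# Added example, not from the original post: a small model of an iptables
# OUTPUT chain, used to check what the posted egress anti-spoof rules do.
import ipaddress
from dataclasses import dataclass
from typing import Optional

LO_IFACE, LO_IP = "lo", "127.0.0.1"        # assumed values for $lo_iface / $lo_ip
ETH_IFACE, ETH_IP = "eth0", "192.168.1.2"  # assumed values for $eth_iface / $eth_ip


@dataclass
class Rule:
    """One iptables rule: optional -o / -s / -p matches and a -j target."""
    target: str                      # ACCEPT, DROP or LOG
    out_iface: Optional[str] = None  # -o <iface>
    src: Optional[str] = None        # -s <host or CIDR>
    proto: Optional[str] = None      # -p <proto>; None behaves like -p ALL

    def matches(self, pkt: dict) -> bool:
        if self.out_iface is not None and pkt["oif"] != self.out_iface:
            return False
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(pkt["src"]) not in net:
                return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return True


def run_chain(rules, policy: str, pkt: dict):
    """Walk the chain the way netfilter does: LOG is non-terminating, the first
    matching ACCEPT/DROP decides, and the chain policy applies if nothing did."""
    logged = []
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":
            logged.append(f"output {pkt['proto']}: {pkt['src']} -> {pkt['dst']} via {pkt['oif']}")
            continue
        return rule.target, logged
    return policy, logged


def posted_rules():
    """The OUTPUT rules from the post, transcribed one-to-one (rate limiting omitted)."""
    return [
        Rule("ACCEPT", out_iface=LO_IFACE, src=LO_IP),    # connections to lo
        Rule("ACCEPT", out_iface=ETH_IFACE, src=ETH_IP),  # allow the rest
        Rule("LOG", proto="tcp"),                          # log the rest (tcp)
        Rule("LOG", proto="udp"),                          # log the rest (udp)
    ]


def hardened_rules():
    """Same allow rules, but every leftover protocol is logged and then dropped
    explicitly, so the verdict no longer depends on the chain's default policy."""
    return posted_rules()[:2] + [Rule("LOG"), Rule("DROP")]


# Constructed traffic: one legitimate packet, a spoofed TCP packet, a spoofed ICMP packet.
LEGIT = {"oif": ETH_IFACE, "src": ETH_IP, "dst": "198.51.100.10", "proto": "tcp"}
SPOOF_TCP = {"oif": ETH_IFACE, "src": "10.9.8.7", "dst": "198.51.100.10", "proto": "tcp"}
SPOOF_ICMP = {"oif": ETH_IFACE, "src": "10.9.8.7", "dst": "198.51.100.10", "proto": "icmp"}


def verdicts(rules, policy: str) -> dict:
    """Verdict for each constructed packet under a rule set and default policy."""
    packets = (("legit", LEGIT), ("spoof_tcp", SPOOF_TCP), ("spoof_icmp", SPOOF_ICMP))
    return {name: run_chain(rules, policy, pkt)[0] for name, pkt in packets}


if __name__ == "__main__":
    for label, rules in (("posted", posted_rules()), ("hardened", hardened_rules())):
        for policy in ("DROP", "ACCEPT"):
            print(f"{label:8s} policy={policy:6s} {verdicts(rules, policy)}")
    # The posted LOG rules only cover tcp and udp, so a spoofed ICMP packet is
    # dropped silently under policy DROP; the hardened variant logs it as well.
    print("posted logs for spoofed icmp:", run_chain(posted_rules(), "DROP", SPOOF_ICMP)[1])
```

Running it shows the posted rules dropping both spoofed packets only when the OUTPUT policy is DROP; with policy ACCEPT they are logged (the TCP one) and sent anyway. The hardened variant yields the same verdicts under either policy and also logs the ICMP case the posted tcp/udp-only LOG rules miss.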