
Re: firewall advice

On 2002/12/15 07:15:25PM -0800, Sun, Torrin wrote:
> I changed the subject and started a new thread here.  Anyway . . .
> >>> # Drop spoofed packets
> >>> iptables -A INPUT -i eth0 -j DROP -s -d
> >What about outgoing spoofed packets? They didn't get dropped in this
> >script
> >at all. It's only a selfish half-hearted firewall if all it does is to
> >protect yourself against incoming nasties; there's always a
> >responsibility
> >not to inflict dodgy packets on others, as much as possible.
> OK, but how do you tell if a packet is spoofed going out?  I can tell
> coming in by looking at the source address and the interface.

#Packets leaving this server
#default policy: drop anything the rules below do not accept
#(assumed to be set elsewhere in the full script; without it the
# packets logged at the end are still sent)
$iptables -P OUTPUT DROP

#connections to lo
$iptables -A OUTPUT -p ALL -o $lo_iface -s $lo_ip -j ACCEPT

#allow the rest: only our own address may leave on the ethernet interface
$iptables -A OUTPUT -p ALL -o $eth_iface -s $eth_ip -j ACCEPT

#log the rest (rate limited); the DROP policy then discards them
$iptables -A OUTPUT -m limit --limit $log_limit --limit-burst $log_limit_burst -p tcp -j LOG --log-prefix "output tcp:"
$iptables -A OUTPUT -m limit --limit $log_limit --limit-burst $log_limit_burst -p udp -j LOG --log-prefix "output udp:"

I believe this should get it, not that I have gotten around to spoofing
anything to verify that it does drop it...
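A fuller egress version of the same idea, written here as an added example rather than the poster's own script: interface names, addresses and log limits are constructed placeholders, the DROP policy and final DROP rule the fragment relies on are made explicit, ICMP is logged as well, and a small verdict function lets you check the address table (and the "only our own source address leaves on our interface" rule) before loading it.

```shell
#!/bin/sh
# Added example, not the original poster's script: egress anti-spoofing
# for the OUTPUT chain. Interfaces and addresses below are constructed;
# set IPTABLES="echo iptables" to print the rules instead of loading them.
IPTABLES="${IPTABLES:-iptables}"
LOG_LIMIT="${LOG_LIMIT:-5/minute}"
LOG_BURST="${LOG_BURST:-10}"

# One "iface address" pair per line; an interface with several addresses
# is simply listed once per address. Values are constructed examples.
LOCAL_ADDRS='lo 127.0.0.1
eth0 192.0.2.10'

# Install the chain: accept only packets whose source address belongs to
# the interface they leave on; log (rate limited) and drop everything else.
egress_rules() {
    $IPTABLES -P OUTPUT DROP          # nothing leaves unless accepted below
    $IPTABLES -F OUTPUT
    printf '%s\n' "$LOCAL_ADDRS" | while read -r iface addr; do
        [ -n "$iface" ] || continue
        $IPTABLES -A OUTPUT -o "$iface" -s "$addr" -j ACCEPT
    done
    for proto in tcp udp icmp; do
        $IPTABLES -A OUTPUT -m limit --limit "$LOG_LIMIT" \
            --limit-burst "$LOG_BURST" -p "$proto" \
            -j LOG --log-prefix "spoofed output $proto: "
    done
    $IPTABLES -A OUTPUT -j DROP       # explicit, even though the policy drops
}

# Mirror of the chain's decision for one outgoing packet (iface, src),
# usable to sanity-check the address table: prints ACCEPT or DROP.
egress_verdict() {
    hit=$(printf '%s\n' "$LOCAL_ADDRS" | while read -r iface addr; do
        if [ "$iface" = "$1" ] && [ "$addr" = "$2" ]; then echo ACCEPT; fi
    done)
    if [ -n "$hit" ]; then echo ACCEPT; else echo DROP; fi
}
```

Run it as root with IPTABLES unset to load the chain, or with IPTABLES="echo iptables" to review the generated rules first.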
