[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Request for comments: iptables script for use on laptops.

LeVA said:
> But if one can spoof, then one can spoof anything else, so
> creating any rule with an ip address matching is useless. No?

It's not totally useless but gives only a minor level of protection,
i.e. it helps against attacks without spoofing :)

> If I set up my firewall to accept only my local network (eg.
> -s connecting to a port (eg. smtp), then
> anyone can spoof that too. So what's the point of creating rules? :)

This is ok. You simply need some more "anti-spoofing" rules.
You can allow packets from only if they come from the loopback
interface. And you may want to discard packets coming from the internal
network card, if they don't have an approriate IP address.
Here is an example: http://www.sns.ias.edu/~jns/files/iptables_ruleset

Michel Messerschmidt, lists@michel-messerschmidt.de

$ rpm -q --whatrequires linux
no package requires linux

Reply to: