Re: Request for comments: iptables script for use on laptops.

To: debian-security@lists.debian.org
Subject: Re: Request for comments: iptables script for use on laptops.
From: be-news06@lina.inka.de (Bernd Eckenfels)
Date: Wed, 24 May 2006 07:48:21 +0200
Message-id: <[🔎] E1FimEH-0005w5-00@calista.inka.de>
In-reply-to: <[🔎] 20060524045259.GA2917@wolfden.dnsalias.net>

Mike Dornberger <Mike.Dornberger@gmx.de> wrote:
>> > If I set up my firewall to accept only my local network (eg.
>> > -s 192.168.0.0/255.255.255.0) connecting to a port (eg. smtp), then
>> > anyone can spoof that too. So what's the point of creating rules? :)
> 
> even if one can spoof the IP, he (= the attacker) can't do very much more
> (assuming, he can't read local traffic), at least with TCP connection.

And he needs to get around the ingress spoof filter. You of course dont
accept ip packets with the internal addresses on the external interface.

Gruss
Bernd

Reply to:

References:
- Re: Request for comments: iptables script for use on laptops.
  - From: Mike Dornberger <Mike.Dornberger@gmx.de>

Prev by Date: Re: Request for comments: iptables script for use on laptops.
Next by Date: Re: Decent iptables script for bridging?
Previous by thread: Re: Request for comments: iptables script for use on laptops.
Next by thread: Re: Request for comments: iptables script for use on laptops.
Index(es):
- Date
- Thread