[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Internet from Windows/NT thru Linux

On Tue, May 05, 1998 at 09:44:56AM -0400, Bill Leach wrote:
> The file '/etc/init.d/netbase' has the commands for setting up you
> IP-Masquerading.  The defaults that I have seen are always to deny.
  ^^^^^^^^^^^^^^^

No, they don't. There are some firewall setup commands only:

	# deny incoming packets pretending to be from 127.0.0.1
        ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
        ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
        ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
        ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null

There are only these commands, and a few others, to prevent IP spoofing.
This seems to be a common misconception.


Hamish
-- 
Hamish Moffatt, hamish@debian.org, hamish@rising.com.au, hmoffatt@mail.com
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome.   http://hamish.home.ml.org


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: