From: Alexander Samad <alex@samad.com.au>
To: netfilter@lists.netfilter.org
Subject: Re: network range
Date: Sun, 4 Apr 2004 20:40:46 +1000
Message-ID: <20040404104046.GA2821@samad.com.au>
In-Reply-To: <1081029737.24410.2.camel@localhost>
On Sat, Apr 03, 2004 at 05:03:04PM -0500, John A. Sullivan III wrote:
> On Sat, 2004-04-03 at 15:53, IT Clown wrote:
--- snip ---
> I usually implement anti-spoofing in two steps. For both public and
> private interfaces I set up a rule to drop any packets from the address
> bound to the interface if it appears on a different interface. Thus:
> iptables -t mangle -A PREROUTING -s 10.0.0.0/24 -i ! eth1 -j DROP
> iptables -t mangle -A PREROUTING -s 1.1.1.0/24 -i ! eth0 -j DROP

Isn't that what rp_filter does?

> This is to prevent someone from using my own addresses against me.
>
--- snip ---
>
> Someone else may have a better way but that's how I do it. I use the
> mangle table rather than filter so that I can drop bad packets ASAP.
> Good luck - John
> --
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan@nexusmgmt.com
> ---
> If you are interested in helping to develop a GPL enterprise class
> VPN/Firewall/Security device management console, please visit
> http://iscs.sourceforge.net
>
>
>
>
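
On the rp_filter question raised in the message above, an added example that is not part of the original thread: a shell function that reports the reverse-path filter mode the kernel actually applies to each interface, which is the higher of `conf/all/rp_filter` and `conf/<iface>/rp_filter`. The function name `rp_filter_effective` and its directory argument are introduced here for illustration; mode 2 (loose) exists on current kernels, and only strict mode (1) performs a per-interface source check comparable to the quoted `-i !` rules.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter mode per interface.
# Usage: rp_filter_effective            (reads the live /proc tree)
#        rp_filter_effective /some/dir  (reads a constructed copy, for testing)

rp_filter_effective() {
    # conf_root is a parameter introduced for this example.
    conf_root=${1:-/proc/sys/net/ipv4/conf}

    # Missing files are treated as 0 (no source validation).
    all=$(cat "$conf_root/all/rp_filter" 2>/dev/null || echo 0)

    for dir in "$conf_root"/*/; do
        iface=$(basename "$dir")

        # "all" and "default" are settings templates, not interfaces.
        case $iface in
            all|default) continue ;;
        esac

        own=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)

        # The kernel validates with max(conf/all, conf/<iface>).
        if [ "$own" -gt "$all" ]; then
            eff=$own
        else
            eff=$all
        fi

        case $eff in
            0) mode=off ;;      # spoofed sources are not checked at all
            1) mode=strict ;;   # source must route back out the arriving interface
            2) mode=loose ;;    # source only needs to be reachable via any interface
            *) mode=unknown ;;
        esac

        # One line per interface: name, effective value, mode.
        echo "$iface $eff $mode"
    done
}
```

An interface reported as `off` or `loose` is not covered by the kernel check and still depends on explicit rules like the ones quoted above.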