[Gllug] iptables - a quick question

tet at accucard.com tet at accucard.com
Thu Nov 29 09:01:50 UTC 2001


>> You are, of course, setting firewall rules to detect incoming packets 
>> with spoofed local addresses.
>
>How is this possible?  How do you detect a spoofed IP?

It's a firewall, so you have two network interfaces, one to the outside
world, one to your internal network. If packets come in on the externally
connected interface claiming to have a source IP from your internal
network, then they're obviously spoofed, and should be blocked.

Of course, this all falls down if you don't subscribe to the "put two
network interfaces in a firewall" theory. I can't for the life of me
see why, but some people don't, and just use routing to ensure all
traffic goes via the firewall. I prefer my firewalls to physically
sit between the world and my private stuff...

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
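
The check described in the message above, as an added example that is not part of the original post: a shell function that prints iptables rules dropping packets that arrive on the external interface with an internal source address. The function names, the `SPOOF` chain name, the interface `eth0` and the sample networks are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit iptables rules that drop packets arriving on the
# external interface with a source address belonging to the inside.
# Interface name and networks below are constructed sample values.

# Loose a.b.c.d/len check so a typo does not turn into a broken rule.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# antispoof_rules EXT_IF NET [NET...]
# Prints the commands rather than running them, so they can be reviewed
# before being applied as root.
antispoof_rules() {
    [ $# -ge 2 ] || { echo "usage: antispoof_rules EXT_IF NET..." >&2; return 2; }
    ext_if=$1; shift
    for net in "$@"; do
        is_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    # Hypothetical user chain: log at a limited rate, then drop.
    echo "iptables -N SPOOF"
    echo "iptables -A SPOOF -m limit --limit 5/minute -j LOG --log-prefix \"SPOOFED: \""
    echo "iptables -A SPOOF -j DROP"
    for net in "$@"; do
        # INPUT covers packets addressed to the firewall itself,
        # FORWARD covers packets routed through to the internal network.
        for chain in INPUT FORWARD; do
            echo "iptables -I $chain -i $ext_if -s $net -j SPOOF"
        done
    done
}

# Sample run: eth0 faces the outside, 192.168.1.0/24 is the internal
# network; loopback sources should never arrive from outside either.
antispoof_rules eth0 192.168.1.0/24 127.0.0.0/8
```

The rules match on the arrival interface (`-i`), which is why this only works when the firewall has a separate interface for each side.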



