[Gllug] iptables - a quick question
David Damerell
damerell at chiark.greenend.org.uk
Thu Nov 29 11:49:01 UTC 2001
On Wednesday, 28 Nov 2001, will wrote:
>itsbruce at uklinux.net wrote:
>>You are, of course, setting firewall rules to detect incoming packets
>>with spoofed local addresses.
>How is this possible? How do you detect a spoofed IP?

What is meant is the specific case of an IP address originating from
the wrong interface. For instance, at home, I use 192.168.93.0/24
internally. The machine that connects the internal network to the
cable modem knows it should only see packets from 192.168.93.0/24 on
the Ethernet interface that's connected to the internal network - so
if one arrives on the other interface, it is discarded.

The motivation is that it then becomes simpler to write rules based on
IP ranges, since you can be confident that a packet from your internal
ranges is actually sent from an internal machine.
--
David Damerell <damerell at chiark.greenend.org.uk> flcl?
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
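
The interface check described in this message, written out as iptables rules; this is an added example, not part of the original post. 192.168.93.0/24 is the range from the message, while the interface name eth1 (the cable-modem side), the log prefix and the rate limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). It only PRINTS iptables
# commands, so it runs without root; review the output before applying it.
# Assumed name: eth1 = the interface facing the cable modem (hypothetical).

# is_cidr NET: loose syntax check for a.b.c.d/n (iptables validates values).
is_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|*/*.*|*..*|.*|*/) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# antispoof_rules EXT_IF NET...: for every internal range NET, emit rules
# that log (rate-limited) and drop packets claiming a source in NET while
# arriving on the external interface. INPUT covers the firewall itself,
# FORWARD covers traffic routed to the internal machines.
antispoof_rules() {
    [ $# -ge 2 ] || { echo "usage: antispoof_rules EXT_IF NET..." >&2; return 2; }
    ext_if=$1; shift
    # Validate everything first so a typo never yields a partial rule set.
    for net in "$@"; do
        is_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
    done
    for chain in INPUT FORWARD; do
        for net in "$@"; do
            printf "iptables -A %s -i %s -s %s -m limit --limit 5/min -j LOG --log-prefix 'spoofed-src: '\n" "$chain" "$ext_if" "$net"
            printf 'iptables -A %s -i %s -s %s -j DROP\n' "$chain" "$ext_if" "$net"
        done
    done
}

# Demo with the range from the message; eth1 is the assumed external side.
antispoof_rules eth1 192.168.93.0/24
```

These rules need to sit ahead of any ACCEPT rule that matches on the internal range. Matching on the external interface, rather than on "anything except the internal one", leaves loopback traffic sourced from the firewall's own internal address untouched.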