[Gllug] iptables - a quick question

David Damerell damerell at chiark.greenend.org.uk
Thu Nov 29 11:49:01 UTC 2001

On Wednesday, 28 Nov 2001, will wrote:
>itsbruce at uklinux.net wrote:
>>You are, of course, setting firewall rules to detect incoming packets 
>>with spoofed local addresses.
>How is this possible?  How do you detect a spoofed IP?

What is meant is the specific case of an IP address originating from
the wrong interface. For instance, at home, I use
internally. The machine that connects the internal network to the
cable modem knows it should only see packets from on
the Ethernet interface that's connected to the internal network - so
if one arrives on the other interface, it is discarded.

The motivation is that it then becomes simpler to write rules based on
IP ranges, since you can be confident that a packet from your internal
ranges is actually sent from an internal machine.

David Damerell <damerell at chiark.greenend.org.uk> flcl?

Gllug mailing list  -  Gllug at linux.co.uk

More information about the GLLUG mailing list