Hi all,
I recently updated my configuration by modifying one of my filter INPUT
rules to specify source IPs coming in from the LAN:
iptables -t filter -A INPUT -p all -i $LAN_Interface -s $LAN_IP_Range -j Lan-Host
Packets not meeting this condition (among others) are logged and
dropped. The intent is to catch any internal packets coming from an
external IP address. No sooner did I load this rule than I started
logging packets with an AOL IP address coming from the LAN interface
going to port 53. I have a small LAN with only a handful of PCs which I
configured myself, so I'm a bit puzzled.
Have I configured this wrong? Several users connect to AOL through the
firewall so that's a possible cause, but I don't know why an AOL program
would spoof IPs. Thoughts?
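
One way to find which PC is emitting these packets, as an added example that is not part of the original post: it parses iptables LOG lines and groups packets that arrived on the LAN interface with a non-LAN source address by source MAC. The interface name, LAN range, log prefix and sample lines are constructed assumptions standing in for the post's $LAN_Interface and $LAN_IP_Range.

```python
import ipaddress
import re
from collections import Counter

# Assumed values standing in for the post's $LAN_Interface and $LAN_IP_Range.
LAN_INTERFACE = "eth1"
LAN_RANGE = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the kernel's iptables LOG format.
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
Jan 10 09:14:02 fw kernel: LAN-DROP: IN=eth1 OUT= MAC=00:10:5a:aa:bb:01:00:50:04:11:22:33:08:00 SRC=198.51.100.23 DST=192.168.1.1 LEN=62 TTL=128 ID=4111 PROTO=UDP SPT=1039 DPT=53 LEN=42
Jan 10 09:14:07 fw kernel: LAN-DROP: IN=eth1 OUT= MAC=00:10:5a:aa:bb:01:00:50:04:11:22:33:08:00 SRC=198.51.100.23 DST=192.168.1.1 LEN=62 TTL=128 ID=4112 PROTO=UDP SPT=1039 DPT=53 LEN=42
Jan 10 09:15:11 fw kernel: LAN-DROP: IN=eth1 OUT= MAC=00:10:5a:aa:bb:01:00:50:04:44:55:66:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TTL=128 ID=901 PROTO=UDP SPT=1025 DPT=53 LEN=40
Jan 10 09:16:30 fw kernel: WAN-DROP: IN=eth0 OUT= MAC=00:10:5a:aa:bb:00:00:90:27:77:88:99:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=48 TTL=110 ID=77 PROTO=TCP SPT=4001 DPT=139
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def off_range_sources(log_text, iface=LAN_INTERFACE, lan=LAN_RANGE):
    """Count (source MAC, source IP, protocol, dest port) for packets that
    arrived on the LAN interface with a source address outside the LAN range."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("IN") != iface or "SRC" not in fields:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
        except ValueError:
            continue  # malformed or truncated log line
        if src in lan:
            continue  # normal LAN traffic dropped for some other reason
        # MAC= holds destination MAC (6 bytes), source MAC (6 bytes), ethertype.
        octets = fields.get("MAC", "").split(":")
        src_mac = ":".join(octets[6:12]) if len(octets) >= 12 else "unknown"
        hits[(src_mac, str(src), fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return hits

if __name__ == "__main__":
    for (mac, ip, proto, dpt), n in off_range_sources(SAMPLE_LOG).most_common():
        print(f"{n:4d}  mac={mac}  src={ip}  {proto}/{dpt}")
```

Matching the reported source MAC against the network adapters of the PCs on the LAN shows which machine the packets come from.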