Hello Chris,

Tuesday, October 28, 2003, 6:26:10 PM, you wrote:

CB> On Tue, 2003-10-28 at 09:59, Robert P. J. Day wrote:
>> i'd like to find a short, efficient way to filter incoming packets with
>> bogus source addresses, but i don't see an elegant way of doing it.

CB> Here is what I do in my script to specify my rules:

CB> while read SPOOFED ; do
CB>     iptables -A FORWARD -s "$SPOOFED" -j LOG --log-prefix " SPOOFING "
CB>     iptables -A FORWARD -s "$SPOOFED" -j DROP
CB> done < spoofed_ips.txt

This is wrong: to log/drop a single IP, two lookups on the src addr have to be performed. Instead a single chain should be created, to which all the spoofed packets would jump. The single chain logs and drops.

i=iptables

# one shared chain that logs and then drops
$i -N LOG_DROP
$i -A LOG_DROP -j LOG --log-prefix " SPOOFING "
$i -A LOG_DROP -j DROP

# one source-address match per spoofed prefix, then jump to the shared chain
while read SPOOFED; do
    $i -A FORWARD --src "$SPOOFED" -j LOG_DROP
done < spoofed_ips.txt

P.Krumins
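The same single-chain layout, as an added example that is not part of the original mail: instead of calling iptables once per rule (each invocation reloads the table), the script below generates an iptables-restore fragment that can be loaded in one step. It assumes a spoofed_ips.txt with one IPv4 address or CIDR prefix per line, and allows blank lines and "#" comments; the rate limit on the LOG rule and the syntax check are additions here, not part of the rules posted above.

```sh
#!/bin/sh
# Added example (not from the original mail): emit an iptables-restore
# fragment that builds the shared LOG_DROP chain and adds one FORWARD
# rule per spoofed source prefix read from a file.
# Assumption: the input file has one IPv4 address or CIDR per line;
# blank lines and '#' comments are tolerated (the original format only
# says "one ip per line").

# Rough syntax check: dotted quad with optional /0-32 prefix. Returns 0 if ok.
# Octet ranges are not validated; this only rejects obvious garbage.
is_ipv4_prefix() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print an iptables-restore fragment for the filter table to stdout.
# $1 = path to the list of spoofed prefixes. Malformed lines go to stderr.
gen_spoof_rules() {
    file=$1
    printf '%s\n' '*filter'
    # user-defined chain; [0:0] resets its packet/byte counters
    printf '%s\n' ':LOG_DROP - [0:0]'
    # Log at most 5 lines/minute (burst 10) so a spoof flood cannot fill
    # the log, then drop. The limit match is an addition to the original rules.
    printf '%s\n' '-A LOG_DROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix " SPOOFING "'
    printf '%s\n' '-A LOG_DROP -j DROP'
    # One source-address match per prefix; LOG and DROP happen once in the
    # shared chain instead of being repeated for every prefix.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip trailing comments
        line=$(printf '%s' "$line" | tr -d ' \t')     # strip whitespace
        [ -z "$line" ] && continue
        if ! is_ipv4_prefix "$line"; then
            printf 'skipping malformed entry: %s\n' "$line" >&2
            continue
        fi
        printf '%s\n' "-A FORWARD -s $line -j LOG_DROP"
    done < "$file"
    printf '%s\n' 'COMMIT'
}

# Count the FORWARD rules in a generated fragment (sanity check before loading).
count_forward_rules() {
    grep -c '^-A FORWARD ' "$1"
}

# Usage (needs root):
#   gen_spoof_rules spoofed_ips.txt > spoof.rules
#   iptables-restore --noflush < spoof.rules
```

Loading with iptables-restore --noflush adds the chain and rules alongside whatever is already in the filter table; without --noflush the fragment replaces the existing filter table contents, which is rarely what you want for a list like this.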