Re: IP Spoofing

David C. Hart wrote:

> On Wed, 2003-11-05 at 14:51, Antony Stone wrote:
>
>> On Wednesday 05 November 2003 7:31 pm, Leandro Takashi Hirano wrote:
>>
>>> Now I would like to know about the IP Spoofing rule, how does it work?
>>>
>>> - iptables -A INPUT -s 192.168.1.0/24 -i ! eth0 -j DROP
>>
>> Any packet with a source address in the Class C range 192.168.1.x which does not come from eth0 will be DROPped.
>
> Funny, I was similarly confused. What happens to packets from the LAN
> given that they don't originate from eth0?



In this setup the packets from the LAN have to enter from eth0 as Antony indicates. Eth1 would have to be the external interface. Keep in mind that these rules only affect traffic to and from the firewall host itself. Traffic between the LAN and the internet is handled on the FORWARD chain.


Jeff
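
A small model of the rule discussed in this thread, added here as an illustration and not part of any poster's message: it evaluates the match `-s 192.168.1.0/24 -i ! eth0` (written `! -i eth0` in current iptables) against constructed packets and shows which chain each packet traverses. The firewall addresses, the sample packets, the ACCEPT fall-through and the option of placing the same match on FORWARD are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")
# Constructed addresses for the firewall host itself (LAN side, external side).
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.1.1"),
                  ipaddress.ip_address("203.0.113.1")}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str  # eth0 = LAN, eth1 = external, as in the thread

def chain_for(pkt: Packet) -> str:
    """Packets addressed to the firewall traverse INPUT; routed ones traverse FORWARD."""
    return "INPUT" if ipaddress.ip_address(pkt.dst) in FIREWALL_ADDRS else "FORWARD"

def rule_matches(pkt: Packet, lan_iface: str = "eth0") -> bool:
    """-s 192.168.1.0/24 -i ! eth0: LAN source address, but not received on eth0."""
    return ipaddress.ip_address(pkt.src) in LAN and pkt.in_iface != lan_iface

def verdict(pkt: Packet, chains_with_rule: set) -> tuple:
    """Return (chain, verdict); a packet the rule does not match falls through to ACCEPT."""
    chain = chain_for(pkt)
    if chain in chains_with_rule and rule_matches(pkt):
        return chain, "DROP"
    return chain, "ACCEPT"

# Constructed sample packets.
SAMPLES = {
    "lan_to_fw": Packet("192.168.1.50", "192.168.1.1", "eth0"),
    "spoof_to_fw": Packet("192.168.1.50", "203.0.113.1", "eth1"),
    "inet_to_fw": Packet("198.51.100.7", "203.0.113.1", "eth1"),
    "spoof_to_lan": Packet("192.168.1.50", "192.168.1.20", "eth1"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        # Left: rule on INPUT only (as posted). Right: same match also on FORWARD.
        print(name, verdict(pkt, {"INPUT"}), verdict(pkt, {"INPUT", "FORWARD"}))
```

With the rule on INPUT only, the `spoof_to_lan` packet is routed through FORWARD and is not dropped, which is the distinction drawn in the reply above.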



