Date: Mon, 25 Sep 2000 13:25:16 +0400 From: Igor Roboul <igor@raduga.dyndns.org> To: freebsd-questions@FreeBSD.ORG Subject: Re: Question.. Message-ID: <20000925132516.A20206@linux.rainbow> In-Reply-To: <20000925015357.T9141@fw.wintelcom.net>; from bright@wintelcom.net on Mon, Sep 25, 2000 at 01:53:57AM -0700 References: <39CF0A63.27989017@home.com> <20000925015357.T9141@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 25, 2000 at 01:53:57AM -0700, Alfred Perlstein wrote: > > You can't do that. In Linux case. Spoofed packets _need_ to enter machine so we can decline they. This is infor from Linux /usr/src/linux/Documentation/proc.txt: -------------------------- In the directory /proc/sys/net/ipv4/conf you'll find one subdirectory [snip] rp_filter Integer value deciding if source validation should be made. 1 means yes, 0 means no. Disabled by default, but local/broadcast address spoofing is always on. If you set this to 1 on a router that is the only connection for a network to the net , it evidently prevents spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules. --------------------------- -- Igor Roboul, Unix System Administrator & Programmer @ sanatorium "Raduga", Sochi, Russia http://www.brainbench.com/transcript.jsp?pid=304744 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000925132516.A20206>