2.2. Blocking Spoofed Addresses
Problem
You want to prevent remote hosts from pretending to be local to your network.
Solution
For a single machine, to prevent remote hosts from pretending to be that machine, use the following:
For iptables:
# iptables -A INPUT -i external_interface -s your_IP_address -j REJECT
For ipchains:
# ipchains -A input -i external_interface -s your_IP_address -j REJECT
If you have a Linux machine acting as a firewall for your internal network (say, 192.168.0.*) with two network interfaces, one internal and one external, and you want to prevent remote machines from spoofing internal IP addresses to the external interface, use the following:
For iptables:
# iptables -A INPUT -i external_interface -s 192.168.0.0/24 -j REJECT
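Because -A appends to the end of the chain and rules are evaluated in order, an ACCEPT rule that comes earlier can match a spoofed packet before the REJECT does. The following shell function is an added example, not code from the book: it audits iptables -S output (iptables only, not ipchains) for the anti-spoofing rule and its position. The function name, the interface name eth0, the exit-status convention and the sample rule sets are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S` output for the anti-spoofing rule.
# Usage: iptables -S INPUT | check_antispoof IFACE CIDR [CHAIN]
# CIDR must be written as iptables prints it (e.g. 192.168.0.0/24, host/32).
# Exit status (assumed convention for this example):
#   0  REJECT/DROP rule for CIDR on IFACE present, no ACCEPT ahead of it
#   1  rule missing
#   2  rule present, but an earlier ACCEPT can match packets on IFACE first
check_antispoof() {
    awk -v ifc="$1" -v src="$2" -v chain="${3:-INPUT}" '
    $1 == "-A" && $2 == chain && !found {
        i = ""; s = ""; j = ""
        for (n = 3; n < NF; n++) {
            if ($(n - 1) == "!") continue   # negated match, not a plain -i/-s
            if ($n == "-i") i = $(n + 1)
            if ($n == "-s") s = $(n + 1)
            if ($n == "-j") j = $(n + 1)
        }
        if (i == ifc && s == src && (j == "REJECT" || j == "DROP"))
            found = 1
        else if (j == "ACCEPT" && (i == "" || i == ifc))
            early = 1                       # conservative: review by hand
    }
    END { exit (!found ? 1 : (early ? 2 : 0)) }
    '
}

# Constructed sample rule sets in `iptables -S` format (not from a real host).
GOOD='-P INPUT ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'
SHADOWED='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -j REJECT --reject-with icmp-port-unreachable'
MISSING='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT'

for name in GOOD SHADOWED MISSING; do
    eval "rules=\$$name"
    rc=0
    printf '%s\n' "$rules" | check_antispoof eth0 192.168.0.0/24 || rc=$?
    echo "$name: exit status $rc"
done
```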