[Shorewall-users] Re: Shorewall protection against spoofing

Tom Eastep teastep@shorewall.net
Wed, 24 Apr 2002 05:42:35 -0700 (PDT)


On Wed, 24 Apr 2002, Dag Nygren wrote:

> 
> Hi,
> 
> I am using Shorewall here (1.2.8), and just found some
> strange bootpd access from the bootp server to itself.
> As this shouldn't happen I checked the firewall rules if
> someone pretends to be my main bootpd server from the outside.
> 
> As the rules are fairly complicated I am not sure, but wanted to
> make sure with you that spoofing of the local addresses is automatically
> blocked?
> 
> It could probably be a good idea to automatically block out the
> 10.x.x.x and other addresses reserved for local networks as well (?).
>

That is what the 'norfc1918' interface option does.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net