[Shorewall-users] Re: Shorewall protection against sppofing

Tom Eastep teastep@shorewall.net
Wed, 24 Apr 2002 05:42:35 -0700 (PDT)

On Wed, 24 Apr 2002, Dag Nygren wrote:

> Hi,
> I am using Shorewall here (1.2.8), and just found some
> strange bootpd access from the bootp server to itself.
> As this shouldn't happen I checked the firewall rules if
> someone pretends to be my main bootpd server from the outside.
> As the rules are fairly complicated I am not sure, but wanted to
> make sure with you that spoofing of the local addresses are automatically
> blocked ?
> It could probably be a good idea to automatically block out the
> 10.x.x.x and other addresses reserved for local networks as well (?).

That is what the 'norfc1918' interface option does.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net