Tom Eastep
2002-Apr-24 12:42 UTC
[Shorewall-users] Re: Shorewall protection against sppofing
On Wed, 24 Apr 2002, Dag Nygren wrote:> > Hi, > > I am using Shorewall here (1.2.8), and just found some > strange bootpd access from the bootp server to itself. > As this shouldn''t happen I checked the firewall rules if > someone pretends to be my main bootpd server from the outside. > > As the rules are fairly complicated I am not sure, but wanted to > make sure with you that spoofing of the local addresses are automatically > blocked ? > > It could probably be a good idea to automatically block out the > 10.x.x.x and other addresses reserved for local networks as well (?). >That is what the ''norfc1918'' interface option does. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net