Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] host.deny and spoofing
On Tuesday 05 February 2002 11:44, Praise wrote:
> At 08:13, Tuesday 5 February 2002, John Andersen wrote:
> > On Monday 04 February 2002 05:37 am, Robert Davies wrote:

> It does not route to 127.0.0.1. It routes FROM 127.0.0.1, sometimes.

The kernel's rp_filter should detect this; it's turned on without me taking
action on my SuSE system (perhaps by the firewall scripts, though I haven't
noticed them setting this). Previously, with Red Hat 6, I had to enable it
myself like this:

# Enable Anti-Spoof protection - sets source route verification
for f in all default eth0 lo
do
    echo 1 > "/proc/sys/net/ipv4/conf/$f/rp_filter"
done
# Disable on internal interfaces, as we can have asymmetric routing
for f in eth1 eth2
do
    echo 0 > "/proc/sys/net/ipv4/conf/$f/rp_filter"
done

Now I just checked it on a SuSE dialup system using the SuSE personal firewall,
and I have:

oak:/work/dist/firewall # for iface in /proc/sys/net/ipv4/conf/*/rp_filter
> do echo "$iface `cat $iface`"
> done

/proc/sys/net/ipv4/conf/all/rp_filter 1
/proc/sys/net/ipv4/conf/default/rp_filter 1
/proc/sys/net/ipv4/conf/eth0/rp_filter 1
/proc/sys/net/ipv4/conf/eth1/rp_filter 1
/proc/sys/net/ipv4/conf/lo/rp_filter 1
/proc/sys/net/ipv4/conf/ppp0/rp_filter 1

Rob
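
An added example, not part of the original mail: a small audit of the rp_filter files listed above that also reports the value the kernel actually applies per interface. It assumes current-kernel semantics from the kernel's ip-sysctl documentation (the effective value is the maximum of conf/all and conf/<iface>; 0 = off, 1 = strict, 2 = loose), which is not something the thread states; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rp_filter under a sysctl conf directory.
# Assumption (current kernels): effective value = max(conf/all, conf/<iface>),
# with 0 = off, 1 = strict, 2 = loose.

# Print the effective rp_filter value for interface $2 under conf root $1.
rp_filter_effective() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Map a numeric rp_filter value to its mode name.
rp_filter_mode() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Print "iface configured effective mode" for every interface under $1.
# Returns 1 if any interface ends up with source validation off.
rp_filter_audit() {
    root=${1:-/proc/sys/net/ipv4/conf}
    status=0
    for f in "$root"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default) continue ;; esac
        eff=$(rp_filter_effective "$root" "$iface")
        echo "$iface $(cat "$f") $eff $(rp_filter_mode "$eff")"
        if [ "$eff" -eq 0 ]; then status=1; fi
    done
    return $status
}

# Constructed sample tree with the values from the first snippet in the mail:
# 1 on all/default/eth0/lo, 0 on eth1/eth2.
demo=$(mktemp -d)
for i in all default eth0 lo; do mkdir -p "$demo/$i"; echo 1 > "$demo/$i/rp_filter"; done
for i in eth1 eth2; do mkdir -p "$demo/$i"; echo 0 > "$demo/$i/rp_filter"; done
rp_filter_audit "$demo"
rm -rf "$demo"
```

Under that assumption, eth1 and eth2 in the sample tree are reported as strict even though their own files hold 0, because conf/all is 1. Call `rp_filter_audit` with no argument to read the live /proc/sys/net/ipv4/conf tree.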
