On Tue, May 05, 1998 at 09:44:56AM -0400, Bill Leach wrote:
> The file '/etc/init.d/netbase' has the commands for setting up you
> IP-Masquerading. The defaults that I have seen are always to deny.
^^^^^^^^^^^^^^^
No, they don't. There are some firewall setup commands only:
# deny incoming packets pretending to be from 127.0.0.1
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null
|| true
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null
|| true
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null
There are only these commands, and a few others, to prevent IP spoofing.
This seems to be a common misconception.
Hamish
--
Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome. http://hamish.home.ml.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
