Joel Hammer wrote:
> 
> On Sun, Sep 23, 2001 at 10:43:21AM -0400, burns wrote:
> > On September 22, 2001 09:32 am, Joel Hammer wrote:
> > > What is the most sensible way to prevent IP Spoofing on a Caldera 2.4 box
> > > with an updated (2.4) kernel? I am using ipchains and tcpwrappers.
> >
> > COAS -> Network -> TCP/IP -> Resolver, tick 'prevent IP spoofing', I believe.
> >
> > Can't check as I'm on a SuSE box at the moment.
> 
> I don't use COAS. I just don't have much success with graphical thingee's.
> What is COAS doing? It must be putting a flag somewhere.
> Is this something you have to build into the kernel?
> Joel

Although I can't remember what they are all exactly for, there are
several lines used in the script I use related to this...they are from
several resources I have read on the firewalls, ipchains etc., and
should at least point you in the right direction.


<CUT-N-PASTE>
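# Enable reverse-path (source address) filtering on every interface
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
 then
  for f in /proc/sys/net/ipv4/conf/*/rp_filter
  do
   echo 1 > "$f"
  done
fi

#Turn on SYN COOKIES PROTECTION (Thanks Holger!)
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]
 then
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
fi

#############################################################

# ip_always_defrag is a 2.2-kernel setting; skip it where the file is absent
if [ -e /proc/sys/net/ipv4/ip_always_defrag ]
 then
  echo 1 > /proc/sys/net/ipv4/ip_always_defrag
fi
# Ignore ICMP echo requests sent to broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Ignore bogus ICMP error responses instead of logging them
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Do not accept ICMP redirects
for f in /proc/sys/net/ipv4/conf/*/accept_redirects
do
    echo 0 > "$f"
done

# Do not accept source-routed packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route
do
    echo 0 > "$f"
done

# Log packets with impossible source addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians
do
    echo 1 > "$f"
done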
</CUT-N-PASTE>

HTH
-- 
Linux SxS [http://hal.humberc.on.ca/~mrcn0031/sxs/]
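
As an added example that is not part of the original post: a small audit function that reads back the settings the script above writes and reports any interface where they do not hold. The function names and the optional root-directory argument are assumptions of this example, so the check can also run against a constructed directory tree instead of the live /proc.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the /proc values
# written by the script above are in effect on every interface.
# The optional PROC_ROOT argument is hypothetical; it defaults to /proc.

AUDIT_FAILURES=0

check_value() {   # usage: check_value FILE WANTED_VALUE
    if [ ! -e "$1" ]; then
        echo "SKIP  $1 (not present on this kernel)"
        return 0
    fi
    got=$(cat "$1")
    if [ "$got" != "$2" ]; then
        echo "FAIL  $1 = $got (want $2)"
        AUDIT_FAILURES=$((AUDIT_FAILURES + 1))
    fi
}

audit_spoof_settings() {   # usage: audit_spoof_settings [PROC_ROOT]
    ipv4="${1:-/proc}/sys/net/ipv4"
    AUDIT_FAILURES=0
    # Per-interface settings: checked in every conf/* directory
    # (all, default and each real interface).
    for spec in rp_filter=1 accept_redirects=0 \
                accept_source_route=0 log_martians=1
    do
        for f in "$ipv4"/conf/*/"${spec%%=*}"
        do
            check_value "$f" "${spec#*=}"
        done
    done
    # Host-wide settings
    for spec in tcp_syncookies=1 icmp_echo_ignore_broadcasts=1 \
                icmp_ignore_bogus_error_responses=1
    do
        check_value "$ipv4/${spec%%=*}" "${spec#*=}"
    done
    # Exit status 0 only when every present setting matched.
    [ "$AUDIT_FAILURES" -eq 0 ]
}
```

Call `audit_spoof_settings` with no argument after the firewall script has run; the number of mismatches is left in `AUDIT_FAILURES`.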