On 8:45:29 pm 09/30/04 hypoj <[EMAIL PROTECTED]> wrote:
>
> Dear sir,
>
> I understand this matter now; could you also explain this
> snippet for me:
>
> for interface in /proc/sys/net/ipv4/conf/*/rp_filter
> do
>   echo 1 > $interface
> done
>
> Big thanks,
>

That is, it says that I want to validate the source of a connection, to guard against spoofing of the LAN's IPs from outside without having to rely on firewall rules. If you used firewall rules, it would usually look something like the following:

  iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
  iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
  iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
  iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
  iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
  iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP

with eth0 being the external interface.

Look in /proc/sys/net/ipv4/conf/ and you will see there are a lot of interfaces. The lines above say to turn it on (echo 1, whereas 0 is off) for all of the interfaces currently present on the machine. On newer Linux versions you can adjust this value with the sysctl command. Or "vi /etc/sysctl.conf".

References:
  /usr/src/linux/Documentation/filesystems/proc.txt
  /usr/src/linux/Documentation/networking/ip-sysctl.txt
  http://www.faqs.org/rfcs/rfc1812.html

-Larry
http://www.nhÃmlinux.net

_______________________________________________
VietLUG-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/vietlug-users
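
An added example, not part of the original message: a small audit of the rp_filter setting discussed above, listing each interface with its configured and effective value. The function names are hypothetical, and it assumes the behaviour documented in ip-sysctl.txt for current kernels, where the value applied to an interface is the larger of conf/all/rp_filter and conf/<interface>/rp_filter (0 = off, 1 = strict, 2 = loose).

```shell
#!/bin/sh
# Added example: audit reverse-path filtering per interface.
# Assumption: the kernel applies max(conf/all, conf/<iface>) to each
# interface; 0 = no source validation, 1 = strict, 2 = loose.

CONF_ROOT_DEFAULT=/proc/sys/net/ipv4/conf

# Print "<iface> <configured> <effective>" for every real interface.
# $1 is an optional alternative root, which allows offline testing.
rp_filter_report() {
    root=${1:-$CONF_ROOT_DEFAULT}
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for f in "$root"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not interfaces
        case $iface in all|default) continue ;; esac
        own=$(cat "$f")
        if [ "$all" -gt "$own" ]; then eff=$all; else eff=$own; fi
        echo "$iface $own $eff"
    done
}

# Print the interfaces on which no source validation is performed,
# i.e. those the "echo 1" loop from the thread would change.
rp_filter_unprotected() {
    rp_filter_report "$1" | while read -r iface own eff; do
        [ "$eff" -eq 0 ] && echo "$iface"
    done
    return 0
}

# Stand-alone run: report on the live system when /proc is available.
if [ -d "$CONF_ROOT_DEFAULT" ]; then
    rp_filter_report
    echo "unprotected: $(rp_filter_unprotected | tr '\n' ' ')"
fi
```

Because "default" only seeds interfaces created later, an interface that already exists keeps its own value until it is written explicitly or conf/all is raised.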