
Re: iptables and INVALID packet filtering.



Hi Daniel,
 
If you try to protect a host itself and block all invalid packets then the first rule is the way to go.
Regarding spoofing, you have all kinds of spoofing but I assume you are talking about IP address spoofing. You might want to block packets claiming to come from your local network or from your host itself on interfaces not connected to that network.
 
http://www.cyberciti.biz/tips/linux-iptables-8-how-to-avoid-spoofing-and-bad-addresses-attack.html
 
I find the above link useful to give you more details on how to block bad address attacks.

But there might be a whole lot more that you want to look into.
 
The rp_filter is another way to tackle these kinds of packets.
 
Kind Regards,
 
David



2013/4/4 Daniel Curtis <sidetripping@gmail.com>
Hi

My intentions are very simple. Firstly, I would like to
drop all INVALID packets - for INPUT and OUTPUT chains.
That's the reason why I've asked, which rule is better to use.

I would like to create pretty good protection for a typical
computer - without any services etc. For now, it is only
for testing purposes. In the future, this computer will be
used for more ambitious things.

What are my intentions according to antispoof? Hmm... simple -
block spoofing? Of course I can do it with e.g. rp_filter, right
(I mean /proc/sys/net/ipv4/*/rp_filter settings)?

So, when it comes to these two questions; INVALID and spoofing -
according to you, which solution is best, good? Frankly, you already
answered the question about INVALID packet filtering and suggested
that the first rule is okay. So what about antispoof?

My knowledge of iptables is not good, but I started to use iptables
a couple of weeks ago. Previously, I've used an OpenBSD firewall,
so-called pf.
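The three measures discussed in this thread (dropping INVALID packets on INPUT and OUTPUT, dropping packets that claim a local or host source address on an outside interface, and enabling rp_filter) put together as a script. This is an added example, not code posted by David or Daniel; the "first rule" Daniel asked about is not quoted on this page, so the conntrack match form is assumed, and eth0, 192.168.1.0/24 and 192.168.1.10 are placeholder values.

```shell
#!/bin/sh
# IPT and SYSCTL default to "echo ..." so the generated commands can be reviewed
# without root; run with IPT=iptables SYSCTL=sysctl to apply them for real.
IPT="${IPT:-echo iptables}"
SYSCTL="${SYSCTL:-echo sysctl}"

# Kernel-side antispoof: reverse-path filtering drops packets whose source
# address would not be routed back out the interface they arrived on.
enable_rp_filter() {
  $SYSCTL -w net.ipv4.conf.all.rp_filter=1
  $SYSCTL -w net.ipv4.conf.default.rp_filter=1
}

# Drop packets conntrack cannot classify (bad TCP flags, out-of-window data,
# stray replies), on both the INPUT and OUTPUT chains as Daniel intends.
drop_invalid() {
  $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
  $IPT -A OUTPUT -m conntrack --ctstate INVALID -j DROP
}

# Netfilter-side antispoof: packets arriving on the outside interface must not
# claim to come from the local network, from this host, or from loopback.
#   $1 = outside interface, $2 = local network (CIDR), $3 = this host's address
antispoof() {
  wan_if="$1"; lan_net="$2"; host_ip="$3"
  $IPT -A INPUT -i "$wan_if" -s "$lan_net" -j DROP
  $IPT -A INPUT -i "$wan_if" -s "$host_ip" -j DROP
  $IPT -A INPUT -i "$wan_if" -s 127.0.0.0/8 -j DROP
  # loopback-sourced traffic is only legitimate on lo itself
  $IPT -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
}

# Placeholder invocation (constructed values; adjust to the host in question).
enable_rp_filter
drop_invalid
antispoof eth0 192.168.1.0/24 192.168.1.10
```

Because INVALID rules sit before any ACCEPT, order them first in the chain; rp_filter in strict mode (1) will also drop legitimate asymmetric routes, so use 2 (loose) on multihomed hosts.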

