Hi Daniel,

If you try to protect a host itself and block all invalid packets then the first rule is the way to go.

Regarding spoofing, you have all kinds of spoofing but I assume you are talking about IP address spoofing. You might want to block packets claiming to come from your local network or from your host itself on interfaces not connected to that network.

http://www.cyberciti.biz/tips/linux-iptables-8-how-to-avoid-spoofing-and-bad-addresses-attack.html

I find the above link useful to give you more details on how to block bad address attacks. But there might be a whole lot more that you want to look into. The rp_filter is another way to tackle these kinds of packets.

Kind Regards,
David

2013/4/4 Daniel Curtis <[email protected]>

> Hi
>
> My intentions are very simple. Firstly, I would like to
> drop all INVALID packets - for INPUT and OUTPUT chains.
> That's the reason why I've asked, which rule is better to use.
>
> I would like to create pretty good protection for a typical
> computer - without any services etc. For now, it is only
> for testing purposes. In the future, this computer will be
> used for more ambitious things.
>
> What are my intentions according to antispoof? Hmm... simple -
> block spoofing? Of course, I can do it with e.g. rp_filter, right
> (I mean /proc/sys/net/ipv4/*/rp_filter settings)?
>
> So, when it comes to these two questions; INVALID and spoofing -
> according to you, which solution is best, good? Frankly, you already
> answered the question about INVALID packet filtering and
> suggested, that the first rule is okay. So what about antispoof?
>
> My knowledge of iptables is not good, but I started to use iptables
> a couple of weeks ago. Previously, I've used an OpenBSD firewall
> so-called pf.
>
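Both messages above mention rp_filter. As an added example that is not part of the original thread, this script audits the effective reverse-path filter per interface; the kernel applies the higher of the `all` and per-interface values. The sample tree and interface names are constructed; on a live system the root would be /proc/sys/net/ipv4/conf.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering (rp_filter) per interface.
# Source validation on an interface uses the HIGHER of conf/all/rp_filter
# and conf/<iface>/rp_filter (0 = off, 1 = strict, 2 = loose).

# Print the effective rp_filter value for interface $2 under conf root $1.
effective_rp_filter() {
    root=$1; iface=$2
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/$iface/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Print "<iface> <value> <mode>" for each interface under conf root $1.
# Returns 1 if any interface has source validation switched off.
audit_rp_filter() {
    root=$1; rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are settings templates, not interfaces.
        case $iface in all|default) continue ;; esac
        val=$(effective_rp_filter "$root" "$iface")
        case $val in
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=OFF; rc=1 ;;
        esac
        echo "$iface $val $mode"
    done
    return $rc
}

# Build a constructed sample tree (hypothetical interfaces) for offline use.
make_sample_conf() {
    d=$(mktemp -d)
    for pair in all:0 default:1 eth0:1 tun0:2 wlan0:0; do
        mkdir -p "$d/${pair%%:*}"
        echo "${pair##*:}" > "$d/${pair%%:*}/rp_filter"
    done
    echo "$d"
}

sample=$(make_sample_conf)
# Raising "all" to 1 lifts every interface to at least strict mode.
audit_rp_filter "$sample" || echo "fix: sysctl -w net.ipv4.conf.all.rp_filter=1"
rm -rf "$sample"
```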

