In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>Also, I would set some no-spoof rules, like accept 127.0.0.0/8 only from
>interface lo, and drop
>non-routable stuff coming from public interface.

# Turn on reverse-path filtering (rp_filter=1) for each listed interface.
for dev in default eth0 eth1 eth2 eth3 eth4 eth5 eth6
do
    echo 1 > "/proc/sys/net/ipv4/conf/${dev}/rp_filter"
done

Much better than trying to put such stuff in iptables. This changes with
your routing tables, and you don't need to duplicate them.
--
Blars Blarson [EMAIL PROTECTED]
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
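
An added example, not part of the original post: a POSIX shell audit of the effective rp_filter setting per interface, which matters because the kernel applies the larger of conf/all/rp_filter and conf/<dev>/rp_filter. The function names rp_effective and rp_audit are this example's own.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the post).
# For source validation on <dev> the kernel uses
#   max(conf/all/rp_filter, conf/<dev>/rp_filter)
# where 0 = off, 1 = strict, 2 = loose.

# rp_effective CONF_DIR DEV -> prints the effective rp_filter value for DEV.
rp_effective() {
    conf=$1
    dev=$2
    # A missing file is treated as 0 (filtering off).
    all=$(cat "$conf/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$conf/$dev/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_audit [CONF_DIR] -> prints "<dev> <value> <state>" per interface and
# returns 1 if any interface is not in strict mode.
rp_audit() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for path in "$conf"/*/; do
        [ -d "$path" ] || continue
        dev=$(basename "$path")
        # "all" and "default" are control entries, not real interfaces.
        case $dev in all|default) continue ;; esac
        eff=$(rp_effective "$conf" "$dev")
        case $eff in
            1) state=strict ;;
            2) state=loose; rc=1 ;;
            *) state=off; rc=1 ;;
        esac
        echo "$dev $eff $state"
    done
    return "$rc"
}
```

Source the file and call rp_audit with no argument to check the live /proc tree. Strict mode drops legitimate traffic on hosts with asymmetric routing, which is what loose mode (2) is for.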