/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ Hello: Simple question. Is better to DENY paquets from internal IPs from outside with ipchains or with rp_filter Example: ____ External Ethernet: eth0 ==> 212.55.31.254 / Linux FIREWALL---| \_____ Internal Ethernet: eth1 ==> 192.168.0.1 With iphcaisn i use: ipchains -A input -i eth0 -s 192.168.0.0/24 -j DENY ipchains -A input -i eth1 -s 212.55.31.0/24 -j DENY but with rp_filter if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo -n "Setting up IP spoofing protection..." for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done echo "done." fi Wich is the best solution? Another question. Which is the utiliy of log_martians file? -- SALUDE3. Jorge Novo <[EMAIL PROTECTED]> _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
