Hi,

We had the following iptables rules to prevent source IP spoofing:

-A INPUT -s 255.0.0.0/8 -j LOG --log-prefix "Spoofed source IP"
-A INPUT -s 255.0.0.0/8 -j DROP
-A INPUT -s 0.0.0.0/8 -j LOG --log-prefix "Spoofed source IP"
-A INPUT -s 0.0.0.0/8 -j DROP

We want to add the following further rules (INPUT is a chain of the filter table, not a table, so "-t INPUT -A PREROUTING" is rejected by iptables; written here as INPUT rules like the ones above):

/sbin/iptables -A INPUT -s 224.0.0.0/3 -j DROP
/sbin/iptables -A INPUT -s 169.254.0.0/16 -j DROP
/sbin/iptables -A INPUT -s 240.0.0.0/5 -j DROP

As per our understanding, any packets with the above source IPs should be considered invalid. These ranges are as follows:

IPv4 Multicast Address Space: 224.0.0.0
Reserved Space: 240.0.0.0
Automatic Private IP Addressing: 169.254.0.0/16

Since we are going to implement it in production, I want to do proper analysis before implementing it so that we don't drop valid packets.

Also, what about implementing these kernel-level parameters, which enable source address verification?

net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1

Please suggest.
-- redhat-sysadmin-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
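Added example (not from the poster or the list) for the "analysis before implementing" step: run the candidate rules as LOG-only first, then feed the kernel LOG lines and any log_martians lines through this script to see what the DROP rules would have hit, per range, interface and port. The log lines below are constructed; the script also exposes that 224.0.0.0/3 already contains 240.0.0.0/5 and 255.0.0.0/8, and that a UDP 68->67 packet from 0.0.0.0 is an ordinary DHCP client request, which matters if the host serves DHCP.

```python
import re
import ipaddress
from collections import Counter

# Source ranges the rules in the post would drop.
BOGON_RANGES = {name: ipaddress.ip_network(name) for name in (
    "0.0.0.0/8", "169.254.0.0/16", "224.0.0.0/3", "240.0.0.0/5", "255.0.0.0/8")}

# iptables LOG target line: "<prefix>IN=eth0 OUT= MAC=... SRC=a.b.c.d DST=... PROTO=UDP SPT=68 DPT=67"
IPT_LOG = re.compile(
    r"IN=(?P<dev>\S*) .*?SRC=(?P<src>\d+\.\d+\.\d+\.\d+) .*?DST=(?P<dst>\S+)"
    r"(?: .*?PROTO=(?P<proto>\S+))?(?: .*?DPT=(?P<dpt>\d+))?")
# log_martians line: "martian source <dst> from <src>, on dev eth0"
MARTIAN = re.compile(
    r"martian source (?P<dst>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+), on dev (?P<dev>\S+)")

# Constructed sample: one DHCP request, one link-local SSH attempt, one ping from
# reserved space, and one rp_filter martian that no static range covers.
SAMPLE_LOG = """\
kernel: Spoofed source IP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
kernel: Spoofed source IP IN=eth0 OUT= MAC=... SRC=169.254.33.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: Spoofed source IP IN=eth1 OUT= MAC=... SRC=240.1.2.3 DST=10.0.0.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=ICMP TYPE=8 CODE=0
kernel: IPv4: martian source 10.0.0.5 from 192.168.1.1, on dev eth0
"""

def classify(src):
    """Return every proposed range containing src (overlaps show up as >1 entry)."""
    addr = ipaddress.ip_address(src)
    return [name for name, net in BOGON_RANGES.items() if addr in net]

def summarize(lines):
    """Tally (ranges, interface, proto, dst port) for each LOG or martian line."""
    hits = Counter()
    for line in lines:
        m = IPT_LOG.search(line) or MARTIAN.search(line)
        if not m:
            continue
        d = m.groupdict()
        ranges = "+".join(classify(d["src"])) or "not-in-proposed-ranges"
        proto = d.get("proto") or "martian"      # martian lines carry no protocol
        hits[(ranges, d["dev"], proto, d.get("dpt") or "-")] += 1
    return hits

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(n, *key)
```

Run it over the real kernel log (e.g. piped from journalctl -k) once the LOG-only rules have been in place for a representative period; any line tagged with a port your hosts legitimately serve is a packet the DROP rule would cost you.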
