Re: OT: Re: [PATCH] REJECT with fake source IP update

2002-05-24 Thread Ben Reser
On Fri, May 24, 2002 at 05:40:24PM +1000, Andrew Smith wrote: > Sorry - not really netfilter related ... > But I was wondering if you meant that typical ISPs in the USA use > egress filters to stop people from supplying a source IP address that is > not directly assigned to them and thus stop any

OT: Re: [PATCH] REJECT with fake source IP update

2002-05-24 Thread Andrew Smith
> On Wednesday 22 May 2002 14:47, Ben Reser wrote: >> On Wed, May 22, 2002 at 03:36:51PM +0800, Fabrice MARIE wrote: >> > Well, say your firewall is 202.58.4.3, >> > your webservers are 202.58.4.7-20 and all traffic from outside to >> > your webservers is filtered by your firewall. >> > Now you ca

Re: [PATCH] REJECT with fake source IP update

2002-05-22 Thread Henrik Nordstrom
On Wednesday 22 May 2002 08:27, Ben Reser wrote: > On Wed, May 22, 2002 at 02:56:28PM +0800, Fabrice MARIE wrote: > > Here's a patch from Guillaume Morin that updates > > my previous 'send icmp unreach* with fake source IP' patch, > > so that on top of being able to specify manually which > > fake

Re: [PATCH] REJECT with fake source IP update

2002-05-22 Thread Harald Welte
On Wed, May 22, 2002 at 02:56:28PM +0800, Fabrice MARIE wrote: > > Hello, > > Here's a patch from Guillaume Morin that updates thanks, patch applied. > Fabrice MARIE -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ===

Re: [PATCH] REJECT with fake source IP update

2002-05-21 Thread Fabrice MARIE
On Wednesday 22 May 2002 14:47, Ben Reser wrote: > On Wed, May 22, 2002 at 03:36:51PM +0800, Fabrice MARIE wrote: > > Well, say your firewall is 202.58.4.3, > > your webservers are 202.58.4.7-20 and all traffic from outside to your > > webservers is filtered by your firewall. > > Now you can tell

Re: [PATCH] REJECT with fake source IP update

2002-05-21 Thread Ben Reser
On Wed, May 22, 2002 at 03:36:51PM +0800, Fabrice MARIE wrote: > Well, say your firewall is 202.58.4.3, > your webservers are 202.58.4.7-20 and all traffic from outside to your webservers > is filtered by your firewall. > Now you can tell your firewall : > > if packet src != trusted and dest=202.

Re: [PATCH] REJECT with fake source IP update

2002-05-21 Thread Fabrice MARIE
Hello, On Wednesday 22 May 2002 14:27, Ben Reser wrote: > > [...] > > it is now possible to fake the source IP dynamically > > (using the dest of the original packet as the fake > > source IP), as per explained in this thread : > > http://lists.samba.org/pipermail/netfilter/2002-February/020237.

Re: [PATCH] REJECT with fake source IP update

2002-05-21 Thread Ben Reser
On Wed, May 22, 2002 at 02:56:28PM +0800, Fabrice MARIE wrote: > Here's a patch from Guillaume Morin that updates > my previous 'send icmp unreach* with fake source IP' patch, > so that on top of being able to specify manually which > fake source IP should be set on the icmp unreach, > it is now p

[PATCH] REJECT with fake source IP update

2002-05-21 Thread Fabrice MARIE
Hello, Here's a patch from Guillaume Morin that updates my previous 'send icmp unreach* with fake source IP' patch, so that on top of being able to specify manually which fake source IP should be set on the icmp unreach, it is now possible to fake the source IP dynamically (using the dest of the