Iptables to prevent Ip Spoofing

Zama Ques queszama at yahoo.in
Wed Dec 21 12:43:11 UTC 2016


Hi,
We had the following iptables rules to prevent source IP spoofing:

-A INPUT -s 255.0.0.0/8 -j LOG --log-prefix "Spoofed source IP"
-A INPUT -s 255.0.0.0/8 -j DROP
-A INPUT -s 0.0.0.0/8 -j LOG --log-prefix "Spoofed source IP"
-A INPUT -s 0.0.0.0/8 -j DROP


We want to add the following further rules (PREROUTING is a chain of the raw table, not of a table called INPUT):
/sbin/iptables -t raw -A PREROUTING -s 224.0.0.0/3 -j DROP
/sbin/iptables -t raw -A PREROUTING -s 169.254.0.0/16 -j DROP
/sbin/iptables -t raw -A PREROUTING -s 240.0.0.0/5 -j DROP

As per our understanding, any packets with the above source IPs should be considered invalid. These ranges are as follows:
IPv4 Multicast Address Space: 224.0.0.0
Reserved Space: 240.0.0.0
Automatic Private IP Addressing: 169.254.0.0/16

Since we are going to implement it in production, I want to do a proper analysis before implementing it so that we don't drop valid packets. Also, what about implementing these kernel-level parameters, which enable source address verification?
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1


Please suggest.
 
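As an added example that is not part of the original post, the following Python script does the "proper analysis" the post asks for: it dry-runs the proposed source filters against a list of observed source addresses (here a constructed sample; in practice the sources from a packet capture or from the kernel's "martian source" log lines) and renders the rules in iptables-restore syntax for the raw table. The exemption for 169.254.169.254 (the cloud instance-metadata address, whose replies carry it as their source), the rate limit on the LOG rule and the sample addresses are assumptions of the example, not something the post states.

```python
#!/usr/bin/env python3
"""Dry-run of the anti-spoofing source filters discussed in the post.

Added example, not code from the post or from Red Hat. It classifies
observed source addresses against the ranges the post proposes to drop,
so the rule set can be checked against real traffic before it goes into
production, and renders the rules in iptables-restore syntax. The sample
addresses below are constructed.
"""
import ipaddress

# Source ranges from the post. 224.0.0.0/3 spans 224.0.0.0-255.255.255.255,
# so it already covers the post's 240.0.0.0/5 and 255.0.0.0/8 rules.
SPOOFED_SOURCE_RANGES = {
    "0.0.0.0/8": "this-network; also the source a DHCP client uses before "
                 "it has an address, so verify DHCP server/relay hosts",
    "224.0.0.0/3": "multicast (224/4) and reserved (240/4) as a unicast source",
    "169.254.0.0/16": "IPv4 link-local (APIPA)",
}

# Assumption: exemptions to keep. 169.254.169.254 is the instance-metadata
# address on AWS/OpenStack hosts; its replies carry it as the source, so
# dropping the whole of 169.254.0.0/16 would break cloud-init there.
EXEMPT_SOURCES = ["169.254.169.254/32"]

# Constructed sample of observed source addresses (not real traffic).
SAMPLE_SOURCES = [
    "203.0.113.7",      # ordinary Internet unicast
    "10.20.30.40",      # private unicast, legitimate on an internal link
    "169.254.169.254",  # metadata service reply -> exempt
    "169.254.42.9",     # APIPA host -> drop
    "224.0.0.251",      # mDNS group address as *source* -> drop
    "255.255.255.255",  # limited broadcast as source -> drop (224/3)
    "0.0.0.0",          # unconfigured DHCP client -> drop (0/8)
    "240.0.0.1",        # reserved -> drop (224/3)
]


def classify(src: str) -> str:
    """Return 'exempt', 'drop:<range>' or 'accept' for one source address."""
    ip = ipaddress.ip_address(src)
    if any(ip in ipaddress.ip_network(n) for n in EXEMPT_SOURCES):
        return "exempt"
    for net in SPOOFED_SOURCE_RANGES:
        if ip in ipaddress.ip_network(net):
            return f"drop:{net}"
    return "accept"


def dry_run(sources):
    """Tally verdicts for a list of observed sources; returns
    (counts, [(address, verdict) for those that would be dropped])."""
    counts = {"accept": 0, "exempt": 0, "drop": 0}
    dropped = []
    for src in sources:
        verdict = classify(src)
        if verdict.startswith("drop:"):
            counts["drop"] += 1
            dropped.append((src, verdict))
        else:
            counts[verdict] += 1
    return counts, dropped


def render_rules(log_prefix="Spoofed source IP: ") -> str:
    """Render the filters as an iptables-restore fragment for the raw table.

    PREROUTING is a chain of the raw, mangle and nat tables, not of filter,
    so '-t INPUT' is not valid; 'raw' drops the packets before connection
    tracking sees them. The LOG rule is rate limited so a flood of spoofed
    packets cannot fill the kernel log.
    """
    lines = ["*raw"]
    for net in EXEMPT_SOURCES:                 # exemptions must come first
        lines.append(f"-A PREROUTING -s {net} -j ACCEPT")
    for net in SPOOFED_SOURCE_RANGES:
        lines.append(f"-A PREROUTING -s {net} -m limit --limit 5/min "
                     f'--limit-burst 10 -j LOG --log-prefix "{log_prefix}"')
        lines.append(f"-A PREROUTING -s {net} -j DROP")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    counts, dropped = dry_run(SAMPLE_SOURCES)
    print("verdicts:", counts)
    for src, verdict in dropped:
        print(f"  would drop {src:16} {verdict}")
    print(render_rules(), end="")
```

A practical rollout is to load the rendered fragment with the DROP lines removed first, watch the LOG output and the counters from `iptables -t raw -vnL PREROUTING` for a few days, feed the logged sources through `dry_run`, and only then add the DROP rules. On the sysctl side, `rp_filter=1` is strict reverse-path validation (RFC 3704) and `2` is loose mode; the kernel uses the higher of `net.ipv4.conf.all.rp_filter` and the per-interface value, and strict mode silently drops replies on multi-homed hosts with asymmetric routing, so check the routing layout before setting it to 1. `log_martians=1` writes "martian source" lines to the kernel log and is a good source of addresses to run through the dry run.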