LinuxQuestions.org


oasisbhrnw99 04-21-2009 09:08 AM

Iptables: prevent spoofing with multiple internal nets?
 
Hi all,

I want to prevent spoofing in my iptables config. However, I am confused about how to go about it when using multiple internal nets. For instance:

NET_1="192.168.0.0/24"
NET_2="10.10.0.0/16"

So, to do anti-spoofing I have to put a line like:

iptables -A FORWARD -i eth1 -s ! (NET_1 OR NET_2) -j DROP

Obviously the above line won't work in iptables, but you see what I am trying to accomplish. Can anyone help me out?

******* 04-21-2009 10:12 AM

Create a rule for each single network?

win32sux 04-21-2009 12:36 PM

Example:
Code:

# default policy: anything not explicitly accepted in FORWARD is dropped
iptables -P FORWARD DROP
# replies to connections already allowed through
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# each internal interface may only originate traffic from its own network
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -s 10.10.0.0/16 -m state --state NEW -j ACCEPT
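As an added example (not code from the thread), a small POSIX shell generator that extends the per-interface approach above to any number of interface/network pairs and appends a LOG rule so that packets falling through to the DROP policy show up in syslog. The function names, the WAN_IF variable and the interface/network values are assumptions; the script only prints the rules, pipe its output to sh to load them.

```shell
#!/bin/sh
# Added example, not from the thread. Emits a FORWARD-chain anti-spoofing
# ruleset from "interface:network" pairs. Names and values are assumed.

WAN_IF="${WAN_IF:-eth0}"   # assumed name of the upstream interface

# antispoof_rules IFACE:CIDR [IFACE:CIDR ...]
# Each internal interface is allowed to originate NEW forwarded traffic only
# from the network bound to it. Packets from any other source on that
# interface match nothing, get logged, and fall to the DROP policy.
antispoof_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for pair in "$@"; do
        iface="${pair%%:*}"
        net="${pair#*:}"
        echo "iptables -A FORWARD -i $iface -o $WAN_IF -s $net -m state --state NEW -j ACCEPT"
    done
    # LOG is non-terminating: it records what the policy is about to drop,
    # which is where spoofed or misaddressed internal hosts become visible.
    echo "iptables -A FORWARD -j LOG --log-prefix \"FORWARD-DROP: \""
}

# rule_count IFACE:CIDR ... -> number of rule lines generated (sanity check)
rule_count() {
    antispoof_rules "$@" | wc -l | tr -d ' '
}

# constructed sample: two internal networks, each on its own interface
antispoof_rules eth1:192.168.0.0/24 eth2:10.10.0.0/16
```

Two networks sharing one interface can be passed as two pairs with the same interface name; the interface then accepts either source range and logs the rest.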