Iptables: prevent spoofing with multiple internal nets?
Hi all,
I want to prevent spoofing in my iptables config. However, I am confused about how to go about it when using multiple internal nets. For instance:

NET_1="192.168.0.0/24"
NET_2="10.10.0.0/16"

So, to do anti-spoofing I have to put a line like:

iptables -A FORWARD -i eth1 -s ! (NET_1 OR NET_2) -j DROP

Obviously the above line won't work in iptables, but you see what I am trying to accomplish. Can anyone help me out?
Create a rule for each single network?
Example:
Code:
iptables -P FORWARD DROP
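
The one-rule-per-network approach suggested in the reply above, written out as an added example (not code from the thread): a user-defined chain returns for each internal source network and drops everything else arriving on the interface, which is the "NOT (NET_1 OR NET_2)" test from the question. The function name `antispoof_rules` and the `ANTISPOOF_` chain prefix are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print iptables commands that drop forwarded packets arriving
# on an internal interface unless their source is in one of the listed nets.
# antispoof_rules and the ANTISPOOF_ chain prefix are hypothetical names.

antispoof_rules() {
    [ $# -ge 2 ] || { echo "usage: antispoof_rules IFACE NET..." >&2; return 2; }
    iface=$1
    shift

    # The output is meant to be fed to a shell, so refuse anything that is
    # not a plain interface name.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac

    # Check every network has dotted-quad/prefix shape before printing
    # anything, so a typo never produces a half-built rule set.
    for net in "$@"; do
        if ! printf '%s\n' "$net" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
            echo "invalid network: $net" >&2
            return 1
        fi
    done

    chain="ANTISPOOF_$iface"
    echo "iptables -N $chain"
    # One RETURN per legitimate source network: matching packets go back to
    # FORWARD and continue through the normal rules.
    for net in "$@"; do
        echo "iptables -A $chain -s $net -j RETURN"
    done
    # Any other source address on this interface is treated as spoofed.
    echo "iptables -A $chain -j DROP"
    # Insert at position 1 so the check runs before any ACCEPT rule.
    echo "iptables -I FORWARD 1 -i $iface -j $chain"
}

# NET_1 and NET_2 from the question, arriving on eth1.
antispoof_rules eth1 192.168.0.0/24 10.10.0.0/16
```
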