[clug] Firewall rules for CentOS 4.4
Sam Couter
sam at couter.id.au
Sat Mar 10 09:10:15 GMT 2007

Ben <shadroth at gmail.com> wrote:
> I thought that by having separate NICs on separate networks, each with
> their own subnet would address this issue, but if someone sets up a
> 192.168.2.x address on the same network as eth0 (and anyone could do
> this), I was told there might be a possibility of them doing something
> to the NFS share intended for the 192.168.2.0/24 subnet.

The kernel should drop any packet if the incoming interface isn't the
same interface the kernel would route a reply packet back out of, so
those firewall rules won't change anything.

This used to be an option that was off by default, but I believe it's
now on by default. The option is called spoof protection.

--
Sam Couter | mailto:sam at couter.id.au
| jabber:sam at teknohaus.dyndns.org
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
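
A way to check the setting the reply refers to, as an added example that is not part of the original message: on Linux the reverse-path check is controlled by the `rp_filter` sysctl under `/proc/sys/net/ipv4/conf/`. The function names are hypothetical, and the script assumes the kernel applies the higher of the `all` and per-interface values, as documented for current kernels.

```shell
#!/bin/sh
# Added example: report the effective reverse-path filter mode per interface.
# The directory is a parameter so the functions can be run against a
# constructed tree; with no argument they read the live kernel settings.

# rp_filter values: 0 = no source validation, 1 = strict, 2 = loose.
rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Print "<iface> <effective-value> <mode>" for each interface.
# Assumption: effective value = max(conf/all, conf/<iface>).
rp_filter_report() {
    conf_root=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_root/all/rp_filter" 2>/dev/null) || return 2
    for dir in "$conf_root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, and this audit only looks at
        # network-facing interfaces, so loopback is skipped as well.
        case "$iface" in all|default|lo) continue ;; esac
        val=$(cat "$dir/rp_filter" 2>/dev/null) || continue
        eff=$val
        [ "$all" -gt "$eff" ] && eff=$all
        echo "$iface $eff $(rp_mode_name "$eff")"
    done
}

# Return 0 only if every interface is in strict mode (the behaviour the
# reply describes), 1 if some are not, 2 if the settings cannot be read.
rp_filter_all_strict() {
    report=$(rp_filter_report "$1") || return 2
    bad=$(printf '%s\n' "$report" | awk 'NF && $2 != 1 { print $1 }')
    [ -z "$bad" ] && return 0
    echo "not strict:" $bad >&2
    return 1
}
```

Calling `rp_filter_all_strict` with no argument audits the running system; an interface reported as `off` accepts packets whose source address belongs to a subnet routed through a different NIC.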