[clug] Firewall rules for CentOS 4.4

Alex Satrapa grail at goldweb.com.au
Mon Mar 12 00:31:07 GMT 2007

On 10/03/2007, at 18:10 , Ben wrote:

> I thought that by having separate NICs on separate networks, each with
> their own subnet would address this issue, but if someone sets up a
> 192.168.2.x address on the same network as eth0 (and anyone could do
> this), I was told there might be a possiblity of them doing something
> to the NFS share intended for the subnet.

Some systems will have a file /etc/network/options which contains a  

Setting that to "yes" will turn on the "spoof protection" feature  
that Sam mentioned.

Alternately, there is a proc file system file you can frob /proc/sys/ 
net/ipv4/conf/all/rp_filter  (ie: "echo 1 > /proc/sys/net/ipv4/conf/ 
all/rp_filter" will do the job better than any number of ip_tables  

There is also an "rp_filter" file in the directory for each  
individual interface. Thus /proc/sys/net/ipv4/conf/eth0/rp_filter  
and /proc/sys/net/ipv4/conf/eth0/rp_filter give you fine-grained  

Do you want to know more?  Visit http://www.google.com/search? 

More information about the linux mailing list