Hummm, not sure what to say. Yes, I knew that these were to prevent spoofing and since I could not find any other place where ipfwadm commands were issued, the defaults for ipfwadm appeared to be 'deny' (which of course makes sense).
It further seemed to me that /etc/netbase is the logical location for the additional rules. If not, I'd rather like to know why not as well as where they should be placed.

On Wed, May 06, 1998 at 12:11:14AM +1000, Hamish Moffatt wrote:
> On Tue, May 05, 1998 at 09:44:56AM -0400, Bill Leach wrote:
> > The file '/etc/init.d/netbase' has the commands for setting up your
> > IP-Masquerading. The defaults that I have seen are always to deny.
>                                                       ^^^^^^^^^^^^^^^
>
> No, they don't. There are some firewall setup commands only:
>
> # deny incoming packets pretending to be from 127.0.0.1
> ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
> ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
> ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
> ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null
>
> There are only these commands, and a few others, to prevent IP spoofing.
> This seems to be a common misconception.
>
>
> Hamish
> --
> Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
> CCs of replies from mailing lists are welcome. http://hamish.home.ml.org
>
>

--
best,
-bill

[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
from a 1996 Micro$loth ad campaign:
"The less you know about computers the more you want Micro$oft!"
See! They do get some things right!
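The question in this thread is whether a file only inserts individual ipfwadm rules or also sets a chain's default policy (ipfwadm's `-p` flag). The following is an added example, not part of the original messages: a small shell check that classifies each ipfwadm command in a script. The function names are made up for this example, and the sample input is constructed from the four commands quoted above.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print "<kind> <chain> <flag> <target>" for each ipfwadm command in file $1.
# kind is "policy" for -p (chain default) and "rule" for -a/-i/-d (one rule).
# Chains handled: -I (input), -O (output), -F (forward).
classify_ipfwadm() {
    awk '
    $1 == "ipfwadm" {
        chain = ""; flag = ""; target = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-[IOF]$/) chain = substr($i, 2)
            else if ($i ~ /^-[paid]$/ && flag == "") {
                # lower-case only: -P (protocol) and -D (destination) are skipped
                flag = substr($i, 2); target = $(i + 1); i++
            }
        }
        if (chain == "" || flag == "") next
        kind = "rule"
        if (flag == "p") kind = "policy"
        print kind, chain, flag, target
    }' "$1"
}

# Succeed only if file $1 sets a default policy for chain $2 (I, O or F).
has_default_policy() {
    classify_ipfwadm "$1" | grep -q "^policy $2 "
}

# Count rule commands in file $1 for chain $2 using flag $3 (a, i or d).
count_rules() {
    classify_ipfwadm "$1" |
        awk -v c="$2" -v f="$3" '$1 == "rule" && $2 == c && $3 == f { n++ } END { print n + 0 }'
}

# Constructed sample: the four commands quoted in the message above.
write_sample() {
    cat > "$1" <<'EOF'
# deny incoming packets pretending to be from 127.0.0.1
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null
EOF
}

sample=$(mktemp); write_sample "$sample"
classify_ipfwadm "$sample"
has_default_policy "$sample" I || echo "input chain: no default policy set in this file"
rm -f "$sample"
```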