Don't Get Spoofed
Would you like some ne'er-do-well to use your Linux box to deface a government Web site? If you'd rather not deal with the FBI, you're going to need some spoofing protection. Here's how it works: Your Linux box knows that certain IP addresses must originate from inside the network. If someone on the Net sends traffic claiming an IP that should exist only within the network, the box drops it. Note that this might not work if you have only one network card. And even if you have two network cards, there's no guarantee this will put an end to spoofing. But it's better than nothing and much easier to deal with than a full set of firewall statements.
Open /etc/rc.d/init.d/network in your favorite text editor and add these lines to the beginning of the configuration.
# Set up automatic IP spoof protection
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    echo -n "Setting up IP spoofing protection..."
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
    done
    echo "done."
else
    echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED."
    echo "CONTROL-D will exit from this shell and continue system start up."
    echo
    # Start a single user shell on the console
    /sbin/sulogin $CONSOLE
fi
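To confirm the setting took effect after boot, the following added example (not part of the original article) reports the effective rp_filter mode per interface. The function name rp_filter_audit and its optional directory argument are hypothetical; the argument exists only so the check can be run against a constructed tree instead of the live /proc.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering for every interface.
#
# rp_filter values: 0 = no source validation, 1 = strict, 2 = loose.
# For each interface the kernel uses the larger of conf/all/rp_filter
# and conf/<iface>/rp_filter, so all=2 makes an interface set to 1
# behave as loose, not strict.
#
# Usage: rp_filter_audit [conf_dir]
#   conf_dir defaults to /proc/sys/net/ipv4/conf (hypothetical override
#   for testing against a constructed directory).
# Prints "<iface> <effective value> <mode>" per interface.
# Returns 0 if every interface is strict, 1 if any is loose or off,
# 2 if the rp_filter files cannot be read.
rp_filter_audit() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    all_file="$conf_root/all/rp_filter"
    if [ ! -r "$all_file" ]; then
        echo "ERROR: $all_file not readable" >&2
        return 2
    fi
    all_val=$(cat "$all_file")
    status=0
    for f in "$conf_root"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in
            all|default) continue ;;
        esac
        val=$(cat "$f")
        if [ "$all_val" -gt "$val" ]; then
            eff=$all_val
        else
            eff=$val
        fi
        case "$eff" in
            1) mode=strict ;;
            2) mode=loose; status=1 ;;
            *) mode=off; status=1 ;;
        esac
        echo "$iface $eff $mode"
    done
    return $status
}
```

Call rp_filter_audit with no argument to check the running kernel; a non-zero return means at least one interface is not in strict mode.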