> > How do you specify more than one network range in a rule, is it
> > possible?
No.
> > I want to do the following:
> > iptables -A INPUT -s 10.0.0.0/8 169.254.0.0/16 -j DROP
You can't ;).
> How can I create a chain and a rule that will block all the
> non-routed network ranges from entering the network from the
> external interface in case someone's trying to spoof you?
Like this :
iptables -N spoof
iptables -A spoof -i <if_inet> -s 10.0.0.0/8 -j DROP
iptables -A spoof -i <if_inet> -s 169.254.0.0/16 -j DROP
...
iptables -A INPUT -j spoof
iptables -A FORWARD -j spoof
Gr,
Rob
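
Added example (not part of the message above): the same spoof chain generated from a list of ranges, with the interface name and every range checked before any command is printed, so a typo cannot leave a half-built chain. It goes beyond the two ranges in the message; the interface name eth0 and the two extra RFC 1918 ranges are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the iptables commands for
# the "spoof" chain; nothing is executed by this script itself.

# 10.0.0.0/8 and 169.254.0.0/16 are from the post; the other two RFC 1918
# ranges are an assumption about what the post elides with "...".
SPOOF_RANGES="10.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16"

# is_cidr ADDR/LEN: true only for four octets 0-255 and a prefix length 0-32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr                      # split the address on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# spoof_rules IFACE RANGE...: validate everything first, then print the rules.
spoof_rules() {
    iface=$1; shift
    # The output is meant for a shell, so refuse odd interface names.
    case "$iface" in ''|*[!A-Za-z0-9_.-]*)
        echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    for r in "$@"; do
        is_cidr "$r" || { echo "invalid range: $r" >&2; return 1; }
    done
    echo "iptables -N spoof"
    for r in "$@"; do
        echo "iptables -A spoof -i $iface -s $r -j DROP"
    done
    echo "iptables -A INPUT -j spoof"
    echo "iptables -A FORWARD -j spoof"
}

# eth0 is an assumed name for the external interface (<if_inet> in the post).
spoof_rules "${IF_INET:-eth0}" $SPOOF_RANGES
```

Review the printed commands, then pipe them to sh as root to apply them. Because the jumps are appended with -A, they only take effect for packets not already accepted by an earlier rule in INPUT or FORWARD.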