[1900] in linux-net channel archive


Re: Filtering ppp0

daemon@ATHENA.MIT.EDU (Leonard N. Zubkoff)
Sun Feb 11 22:22:33 1996

Date: 	Sun, 11 Feb 1996 18:49:45 -0800
From: "Leonard N. Zubkoff" <lnz@dandelion.com>
To: greens@sga.com
Cc: linux-net@vger.rutgers.edu, greens@cici.com
In-Reply-To: <Pine.LNX.3.91.960211163700.10833A-100000@osprey.sga.com> (greens@sga.com)

  Date: 	Sun, 11 Feb 1996 17:42:38 -0600 (CST)
  From: "Sarah L. Green" <greens@sga.com>

  Hi!
	  Like many folks, I have a home network (say mydomain.com) on 
	  ethernet (eth0) and  dial-up access (ppp0) to Internet.  
	  I've been reading about firewalling & securing networks.  
	  And one thing mentioned is to ensure that internal addresses 
	  do not come from outside locations. In my case, that requests 
	  to/from mydomain.com should never come in from ppp0 or go out 
	  over ppp0.  I've seen solutions/code for the case of two 
	  ethernets (eth0 & eth1) but not the mix of eth0 & ppp0.

	  Seems reasonable that code already exists.  At the bookstore, I 
	  perused through about six books (including 2 different Linux 
	  Network Admin Guides), this wasn't really discussed. (FYI: I'm 
	  running slackware linux 1.2.13 though I could probably upgrade, if 
	  it gives any benefits.)

	  Any suggestions & leads?

Here's what I'm using:

for interface in x.y.z.v; do
  # Block UDP packets incorrectly claiming to be from the local Ethernet.
  /sbin/ipfw add blocking deny udp iface $interface from a.b.c.0/22 to 0/0
  # Block TCP packets incorrectly claiming to be from the local Ethernet.
  /sbin/ipfw add blocking deny tcp iface $interface from a.b.c.0/22 to 0/0
done
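
A present-day counterpart to the rules in the message above, as an added example that is not part of the original post: a shell function that prints iptables anti-spoofing rules for an external interface, covering all protocols rather than only TCP and UDP, plus the outbound direction the question asks about. `ppp0` and `192.168.0.0/22` are constructed sample values standing in for the poster's placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables anti-spoofing rules for a dial-up gateway.
# ppp0 and 192.168.0.0/22 are constructed sample values (assumptions).

# is_cidr NET: succeed only if NET looks like an IPv4 network, e.g. 10.0.0.0/8.
is_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                 # no "/" in the argument
    case $len in ''|*[!0-9]*) return 1 ;; esac      # prefix must be digits
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# antispoof_rules EXT_IF NET...: print one iptables command per line.
antispoof_rules() {
    [ $# -ge 2 ] || { echo "usage: antispoof_rules EXT_IF NET..." >&2; return 2; }
    ext_if=$1; shift
    # Refuse interface names that would not be safe to paste into a command.
    case $ext_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    for net in "$@"; do
        is_cidr "$net" || { echo "bad network: $net" >&2; return 2; }
    done
    for net in "$@"; do
        # A packet arriving on the external link with an inside source
        # address is spoofed, whatever its protocol.
        echo "iptables -A INPUT -i $ext_if -s $net -j DROP"
        echo "iptables -A FORWARD -i $ext_if -s $net -j DROP"
        # Traffic addressed to the inside network must never leave by the
        # external link.
        echo "iptables -A OUTPUT -o $ext_if -d $net -j DROP"
        echo "iptables -A FORWARD -o $ext_if -d $net -j DROP"
    done
}

# Print the rules for review; they are not loaded by this script.
antispoof_rules ppp0 192.168.0.0/22
```

Nothing is printed if any argument fails validation, so the output can be reviewed and then piped to `sh` as root to load the rules.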

