Enabling Source Address Verification

The goal is to prevent a remote host from spoofing incoming packets so that they appear to have come from the local machine.

Solution:

Turn on source address verification in the Linux kernel.

echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter

A quick method is to add this line to /etc/sysctl.conf

net.ipv4.conf.all.rp_filter = 1

And then run the sysctl command to read the configuration.

sysctl -p
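
To check the result on every interface, here is an added example (not part of the original post) that reports the effective rp_filter mode per interface. It assumes the kernel rule that the higher of conf/all and conf/<interface> applies; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Kernel rule assumed here: per interface, the effective
# rp_filter is the higher of conf/all and conf/<iface> (0 off, 1 strict, 2 loose).

# effective_rp_filter ROOT IFACE: print the value the kernel would apply.
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# audit_rp_filter [ROOT]: one "iface value mode" line per interface.
# Returns 1 if any interface ends up with source validation off.
audit_rp_filter() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$root" "$iface")
        case $eff in
            0) mode=off; rc=1 ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface $eff $mode"
    done
    return $rc
}

# Constructed sample tree (made-up interfaces and values) for an offline run.
make_sample_tree() {
    t=$(mktemp -d)
    for spec in all:0 default:1 eth0:1 eth1:0 wg0:2; do
        mkdir -p "$t/${spec%%:*}"
        echo "${spec##*:}" > "$t/${spec%%:*}/rp_filter"
    done
    echo "$t"
}

sample=$(make_sample_tree)
audit_rp_filter "$sample" || echo "source validation is off on at least one interface"
rm -rf "$sample"
```

On a live system, call audit_rp_filter with no argument to read /proc/sys/net/ipv4/conf. In the sample tree eth1 stays off even though default is 1, because default only seeds interfaces created later.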

DESCRIPTION

sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data.

EXAMPLES

/sbin/sysctl -a
/sbin/sysctl -n kernel.hostname
/sbin/sysctl -w kernel.domainname="example.com"
/sbin/sysctl -p /etc/sysctl.conf

-w Use this option when you want to change a sysctl setting.

-p Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. Specifying - as filename means reading data from standard input.

-a Display all values currently available.

-A Display all values currently available in table form.
