free
/
freedombone
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
Bladeren bron

Drop spoofed packets

Bob Mottram 8 jaren geleden
bovenliggende
3652cc5c87
commit
38072abc54
2 gewijzigde bestanden met toevoegingen van 19 en 0 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 16
    0
      src/freedombone-utils-firewall
  2. 3
    0
      src/freedombone-utils-setup

+ 16
- 0
src/freedombone-utils-firewall Bestand weergeven 

@@ -466,4 +466,20 @@ function firewall_unblock_domain {
466 466 
     fi
467 467 
 }
468 468
469 
+function firewall_drop_spoofed_packets {
470 
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
471 
+        return
472 
+    fi
473 
+    iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
474 
+    iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
475 
+    iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
476 
+    iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
477 
+    iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
478 
+    iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
479 
+    iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
480 
+    function_check save_firewall_settings
481 
+    save_firewall_settings
482 
+    mark_completed $FUNCNAME
483 
+}
484 
+
469 485 
 # NOTE: deliberately no exit 0

+ 3
- 0
src/freedombone-utils-setup Bestand weergeven 

@@ -564,6 +564,9 @@ function setup_firewall {
564 564 
     function_check firewall_drop_telnet
565 565 
     firewall_drop_telnet
566 566
567 
+    function_check firewall_drop_spoofed_packets
568 
+    firewall_drop_spoofed_packets
569 
+
567 570 
     function_check configure_firewall_for_dns
568 571 
     configure_firewall_for_dns
569 572