I'm trying to drop all packets from the internet that use a fake IP address so they appear to come locally.
Do I need both lines or only the first?
--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP
You should consider setting /proc/sys/net/ipv4/conf/all/rp_filter. See here http://www.linuxsecurity.com/content/view/111337/65/ for a description.
– ceving – 2011-06-03T17:56:23.660
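A way to audit the rp_filter setting mentioned in the comment above, as an added example that is not part of the original thread: it reports the effective mode per interface, using the kernel's rule that the higher of conf/all/rp_filter and conf/<iface>/rp_filter applies. The function names and the choice to skip lo are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode for each interface.
# The kernel uses the maximum of conf/all/rp_filter and conf/<iface>/rp_filter
# when validating sources on <iface>: 0 = off, 1 = strict, 2 = loose.

# Hypothetical helper: $1 = conf directory, $2 = interface name.
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    ifv=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# Hypothetical helper: $1 = conf directory (defaults to the live /proc tree).
# Prints "<iface> <mode> <label>" per interface.
# Returns 1 if any interface has no source validation, 2 on a bad directory.
rp_filter_report() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    [ -d "$conf" ] || { echo "no such directory: $conf" >&2; return 2; }
    unprotected=0
    for d in "$conf"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        # "all" and "default" are templates, not interfaces; lo is skipped
        # because the rules in the question only concern non-loopback input.
        case $iface in all|default|lo) continue ;; esac
        mode=$(effective_rp_filter "$conf" "$iface")
        case $mode in
            0) label="off (no source validation)"; unprotected=1 ;;
            1) label="strict" ;;
            2) label="loose" ;;
            *) label="unknown" ;;
        esac
        echo "$iface $mode $label"
    done
    return "$unprotected"
}

# Run against the live system, or against a directory given as $1.
rp_filter_report "${1:-}" || true
```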