Diff for scripts/shell/firewall/fw-universal.sh between version 2.66 and 2.67
version 2.66, 2009/02/06 23:13:38 |
version 2.67, 2009/02/11 22:55:41 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.65 2009-02-06 00:43:12 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.66 2009-02-06 23:13:38 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
Line 335 anti_spoof_filter() |
|
Line 335 anti_spoof_filter() |
|
$IPTABLES -A spoof -s 172.16.0.0/12 -j DROP # RFC1918 |
$IPTABLES -A spoof -s 172.16.0.0/12 -j DROP # RFC1918 |
$IPTABLES_LOG -A spoof -s 10.0.0.0/8 $LOG_LIMIT "RESERVED:10.0.0.0/8 src" |
$IPTABLES_LOG -A spoof -s 10.0.0.0/8 $LOG_LIMIT "RESERVED:10.0.0.0/8 src" |
$IPTABLES -A spoof -s 10.0.0.0/8 -j DROP # RFC1918 len pre sietovy interface do Internetu, kedze 10.0.0.0 je adresa LAN |
$IPTABLES -A spoof -s 10.0.0.0/8 -j DROP # RFC1918 len pre sietovy interface do Internetu, kedze 10.0.0.0 je adresa LAN |
$IPTABLES_LOG -A spoof -s 96.0.0.0/4 $LOG_LIMIT "RESERVED:96.0.0.0/4 src" |
|
$IPTABLES -A spoof -s 96.0.0.0/4 -j DROP # IANA |
# 2009-02-11 - Not reserver anymore: http://www.iana.org/assignments/ipv4-address-space/ |
|
# - it is a Comcast network now |
|
#$IPTABLES_LOG -A spoof -s 96.0.0.0/4 $LOG_LIMIT "RESERVED:96.0.0.0/4 src" |
|
#$IPTABLES -A spoof -s 96.0.0.0/4 -j DROP # IANA |
|
|
for iface in $ANTISPOOF_IFACE; do |
for iface in $ANTISPOOF_IFACE; do |
print_info -en " $iface" |
print_info -en " $iface" |
Platon Group <platon@platon.org> http://platon.org/
|
|