Hi David.
Should be fine? So, you are not 100 percent sure? Okay, just
kidding (but who knows?) ;-)
kidding (but who knows?) ;-)
Listen David, I have one more question regarding to antispoof.
As we know, typical rule can look, more or less, this way;
> iptables -A INPUT -s 0.0.0.0/8 -j DROP etc.
But recently I came across on pretty strange rule also for
antispoof. This rule, concerns 'nat' table and PREROUTING chain;
> iptables -t nat -I PREROUTING 1 -i xx -s 192.168.0.0/16 -j DROP
> iptables -A INPUT -s 0.0.0.0/8 -j DROP etc.
But recently I came across on pretty strange rule also for
antispoof. This rule, concerns 'nat' table and PREROUTING chain;
> iptables -t nat -I PREROUTING 1 -i xx -s 192.168.0.0/16 -j DROP
So, what do you think? Using PREROUTING chain is good for
antispoof or it is better to use rule mentioned above (INPUT chain)?
antispoof or it is better to use rule mentioned above (INPUT chain)?
No comments:
Post a Comment