From mboxrd@z Thu Jan 1 00:00:00 1970
From: Robb Bossley
Date: Tue, 13 Dec 2005 12:43:46 +0000
Subject: [LARTC] Some questions
Message-Id: <5c6851530512130443j3a4ac990l59c6ac7552557966@mail.gmail.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

First of all, thank you to all of you who have helped to make iptables
possible, whether in writing the code for it or testing it. It is
BETTER than sliced bread! :-)

Anyways, I have two questions related to the use of iptables.

1. I read on a post somewhere that it is smart to put the following
two rules at the end of one's iptables ruleset:

    iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset
    iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with tcp-reset

The reasoning was that it would not look like a software firewall, but
rather would look like a machine that had no open ports.

Does this sound reasonable? What would all of you do?

2. I also read on some website that it is important to use this line
in the setup for iptables:

    echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter

What does this do (it said something about spoofing, but I did not
understand), and is it necessary?

Thank you all for your enlightenment!

Robb
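
An added example, not part of the message above: a small audit of the rp_filter setting from question 2, which controls reverse-path filtering (the kernel drops a packet when the route back to its source address does not lead out of the interface it arrived on). The function name rp_filter_report is hypothetical. The code assumes the behaviour of current kernels, where the higher of conf/all and conf/<iface> applies and the value 2 means loose mode.

```shell
#!/bin/sh
# Added example: report the effective reverse-path filter mode per interface.
# The optional argument is the sysctl conf directory; it defaults to the live
# tree, and a constructed directory can be passed for offline checks.
rp_filter_report() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    all=0
    [ -r "$conf_root/all/rp_filter" ] && all=$(cat "$conf_root/all/rp_filter")
    for dir in "$conf_root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        eff=$(cat "$dir/rp_filter")
        # Assumption (current kernels): the higher of the two values wins.
        [ "$all" -gt "$eff" ] && eff=$all
        case "$eff" in
            0) state="off" ;;      # no source validation
            1) state="strict" ;;   # reply route must use the arrival interface
            2) state="loose" ;;    # source must be reachable via any interface
            *) state="unknown" ;;
        esac
        echo "$iface $state"
    done
}

# Report on the running system.
rp_filter_report
```

An interface reported as "off" accepts packets whose source address could not legitimately arrive on it, which is the spoofing case the setting addresses.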