26 Sep
2016
26 Sep
'16
3:14 a.m.
On Sun, 25 Sep 2016 21:19:31 -0700, Hugo Slabbert said:
Linux: From /etc/sysctl.conf:
# Uncomment the next two lines to enable Spoof protection (reverse-path=20 # filter) # Turn on Source Address Verification in all interfaces to # prevent some spoofing attacks net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1
Unfortunately, the net.ipv6 equivalents for those do not yet seem to be a thing on Linux.
See net/ipv6/netfilter/ip6t_rpfilter.c Also, note that a lot of net.ipv4.conf variables also apply to ipv6 (though checking the source tree, this isn't one of them, unless it's via a macro that some quick grepping didn't find...)