Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 5. General System SecurityNext

5.31. Enable IP spoofing protection

The spoofing protection prevents your network from being the source of spoofed i.e. forged communications that are often used in DoS attacks.

Version 6.1 only


              [root@deep] /# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
              > echo 1 > $f
              > done
              

              [root@deep] /#
Add the above commands to the /etc/rc.d/rc.local script file and you'll not have to type it again the next time you reboot your system.

Version 6.2 only

Edit the /etc/sysctl.conf file and add the following line: 

              # Enable IP spoofing protection, turn on Source Address Verification
              net.ipv4.conf.all.rp_filter = 1
You must restart your network for the change to take effect. The command to manually restart the network is the following: 

              [root@deep] /# /etc/rc.d/init.d/network restart
              Setting network parameters	[  OK  ]
              Bringing up interface lo		[  OK  ]
              Bringing up interface eth0	[  OK  ]
              Bringing up interface eth1	[  OK  ]

PrevHomeNext
Enable bad error message ProtectionUpLog Spoofed, Source Routed and Redirect Packets