free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Drop spoofed packets

This commit is contained in:
Bob Mottram 2017-04-25 13:40:11 +01:00
parent 3652cc5c87
commit 38072abc54
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/freedombone-utils-firewall
View File

@ -466,4 +466,20 @@ function firewall_unblock_domain {
fi
}
function firewall_drop_spoofed_packets {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
function_check save_firewall_settings
save_firewall_settings
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0

3
src/freedombone-utils-setup
View File

@ -564,6 +564,9 @@ function setup_firewall {
function_check firewall_drop_telnet
firewall_drop_telnet
function_check firewall_drop_spoofed_packets
firewall_drop_spoofed_packets
function_check configure_firewall_for_dns
configure_firewall_for_dns