On Mon, 12 May 2003, Kiryanov Vasiliy wrote:

> I wrote a little script that prevents basic cracks through PPP
> (when you use the dial-up method to use the Internet) by blocking packets
> that have:
> 1) your source ip

That should be one line.

> 2) loopback source ip

Also, one line.

> 3) A,B,C class network source ip

You do not want to be doing this, if what you're doing is what I think you're doing. Classless addressing has been around for many years, and should be respected.

> 4) D - class, multicast source ip

Dunno multicast, but it may be a bad idea and/or a one-liner.

> 5) E - class, reserved source ip

AFAICR, there are no truly "reserved" IP blocks, unless you count the RFC1918 blocks. That's not a bad idea to block them, although your ISP should be null-routing those anyway.

> 6) your ISP addresses block without the peer through which you work

I'm not sure what it is you're blocking with this one. Care to explain further?

> QUESTION:
> I think of sending that script to Michael Beattie, who maintains the ppp package,
> but the script is too trivial and needs the iptables package and kernel iptables
> support.

Yup. No need to bloat ppp with more dependencies.

> For a new package I think it is too SMALL and too EASY.

Not necessarily, but I certainly think it needs more work.

> What do you think, can that script be good for anything?

Either try and get it integrated with one of the myriad of existing firewall scripts (or all of them), or put up a webpage describing what they do and how to use them.

-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16
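
The source-address checks discussed in this message, written as CIDR blocks rather than classful ranges. This is an added example, not part of the original thread or the poster's script: it only prints the iptables commands, and the use of the RFC1918 ranges for the "A,B,C class" item, the INPUT and FORWARD chains, the function names and the sample address are all assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) anti-spoofing DROP rules for a PPP link.
# Assumption: RFC1918 ranges stand in for the "A,B,C class" item.

valid_ipv4() {
    # Reject anything but a dotted quad before it reaches an iptables argument.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

antispoof_rules() {
    iface=$1
    local_ip=$2
    case $iface in ''|*[!A-Za-z0-9_.-]*)
        echo "bad interface name" >&2; return 1 ;;
    esac
    valid_ipv4 "$local_ip" || { echo "bad local address" >&2; return 1; }
    # Source ranges to drop on the link, each one a single CIDR block:
    # our own address, loopback, RFC1918, multicast (224/4), former class E (240/4).
    for src in "$local_ip/32" 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 \
               192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
        for chain in INPUT FORWARD; do
            echo "iptables -A $chain -i $iface -s $src -j DROP"
        done
    done
}

# pppd calls ip-up with the interface as $1 and the local address as $4.
# The defaults are constructed sample values (203.0.113.7 is a documentation address).
antispoof_rules "${1:-ppp0}" "${4:-203.0.113.7}"
```

Review the printed rules before piping them to a shell; if the provider hands out RFC1918 addresses on the link, those three ranges have to come out of the list.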