Anti-spoofing

Note that anti-spoofing isn't needed if iptables (see below) is used by NARC (see below), since NARC provides anti-spoofing in its firewall rules.

/etc/rc.d/init.d/antispoofing:

Turns anti-spoofing on/off. Packets from outside the local network are checked to see that they don't have local return addresses (spoofing).

     "start" - Starts up anti-spoofing.
     "stop"  - Shuts anti-spoofing down.

You must create the antispoofing script, a sample of which, is shown below:

     #! /bin/sh
     # Script to turn on anti-spoofing.
     # If no source address verification, do nothing.
     [ -f /proc/sys/net/ipv4/conf/all/rp_filter ] || exit 0
     case "$1" in
         start)
          echo -n "Turning on antispoofing:"
          for f in /proc/sys/net/ipv4/conf//rp_filter; do
              echo 1 > $f
          done
          echo "."
          ;;
         stop)
          echo -n "Turning off antispoofing:"
          for f in /proc/sys/net/ipv4/conf//rp_filter; do
              echo 0 > $f
          done
          echo "."
          ;;
         *)
          echo "Usage: /etc/rc.d/init.d/antispoofing {start|stop}"
          exit 1
          ;;
     esac
     exit 0