5.31. Enable IP spoofing protection

The spoofing protection prevents your network from being the source of spoofed i.e. forged communications that are often used in DoS attacks.

Version 6.1 only


              [root@deep] /# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
              > echo 1 > $f
              > done
              

              [root@deep] /#
              
Add the above commands to the /etc/rc.d/rc.local script file and you'll not have to type it again the next time you reboot your system.

Version 6.2 only

Edit the /etc/sysctl.conf file and add the following line:

              # Enable IP spoofing protection, turn on Source Address Verification
              net.ipv4.conf.all.rp_filter = 1
              
You must restart your network for the change to take effect. The command to manually restart the network is the following:

              [root@deep] /# /etc/rc.d/init.d/network restart
              Setting network parameters        [  OK  ]
              Bringing up interface lo          [  OK  ]
              Bringing up interface eth0        [  OK  ]
              Bringing up interface eth1        [  OK  ]