
User ppp: filtering spoofed packets?
Given:
An internal network that uses a private address space, say
192.168.0.0/24, occasionally connected by "ppp -nat" to an untrusted
external network. Dial-up PPP, dynamic address assignment, NAT.

Problem:
How to use ppp(8)'s packet filter to discard spoofed packets coming
in from the outside?  Packets with a source address of 192.168.0.*
that come in over the PPP link are "impossible" and should be
discarded right away.

(What's the generic term for filtering out inbound traffic that
carries internal source addresses and outbound traffic that doesn't?
I remember there is one, but I've forgotten the term itself, and
I can't find a glossary of routing speak on the net.)

Is this possible with ppp(8)'s packet filter?  I tried

set filter in 0 deny ! 0/0 MYADDR/32
set filter in 39 permit 0/0 0/0

but that chokes off all inbound traffic, which makes me suspect
that the packet filter is only applied after NAT.

-- 
Christian "naddy" Weisgerber                          naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de
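
Added example, not part of the post and not ppp(8) code: a small Python model of the inbound/outbound anti-spoofing check the post describes (the practice is commonly called ingress and egress filtering). It evaluates two inbound rule sets, one shaped like the posted "set filter in" lines and one keyed on the internal source prefix, under both orderings of filter and NAT, to show why a rule keyed on the link's own address as destination is sensitive to that ordering while a rule keyed on the source prefix is not. The addresses, the LAN host, the rule evaluator's semantics (first match wins, "!" negates the address match, no match means deny) and the de-NAT behaviour are all assumptions of this model, not statements about ppp(8).

```python
"""Ingress/egress (anti-spoofing) filtering on a NAT'd PPP link: a Python model.

Added example, not ppp(8) code.  The rule list imitates the shape of the post's
"set filter in ..." lines, but the evaluator's semantics are this model's own
(assumed): first matching rule wins, "!" negates the address match, and a
packet matching no rule is dropped.  All addresses are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed topology: private LAN behind the link and the address the link
# received at dial-up time (TEST-NET-1 stands in for a real ISP address).
INTERNAL_NET = ip_network("192.168.0.0/24")
MYADDR = ip_address("203.0.113.7")
LAN_HOST = ip_address("192.168.0.10")      # the host whose connection NAT hides
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                # "permit" or "deny"
    negate: bool               # models the "!" in the post's rule (assumed semantics)
    src: IPv4Network
    dst: IPv4Network

    def matches(self, pkt: Packet) -> bool:
        hit = pkt.src in self.src and pkt.dst in self.dst
        return (not hit) if self.negate else hit


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; no match means deny (this model's default)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action
    return "deny"


def denat_inbound(pkt: Packet) -> Packet:
    """Assumed NAT behaviour for an inbound reply: rewrite dst from MYADDR to
    the LAN host.  Only the destination changes; the source is untouched."""
    return Packet(pkt.src, LAN_HOST) if pkt.dst == MYADDR else pkt


def inbound_verdict(rules: List[Rule], pkt: Packet, filter_after_nat: bool) -> str:
    """Run the inbound filter either before or after de-NAT."""
    seen = denat_inbound(pkt) if filter_after_nat else pkt
    return evaluate(rules, seen)


# Rule set shaped like the post's attempt: keyed on the destination being MYADDR.
POSTED_RULES = [
    Rule(0, "deny", True, ANY, ip_network(f"{MYADDR}/32")),
    Rule(39, "permit", False, ANY, ANY),
]

# Ingress filter keyed on the source: an internal source over the link is impossible.
INGRESS_RULES = [
    Rule(0, "deny", False, INTERNAL_NET, ANY),
    Rule(39, "permit", False, ANY, ANY),
]

# Egress side, evaluated on outbound packets before NAT: only internal sources may leave.
EGRESS_RULES_PRE_NAT = [
    Rule(0, "permit", False, INTERNAL_NET, ANY),
    Rule(1, "deny", False, ANY, ANY),
]

# Constructed traffic: a legitimate reply from outside and a spoofed packet.
LEGIT_REPLY = Packet(ip_address("198.51.100.2"), MYADDR)
SPOOFED = Packet(ip_address("192.168.0.5"), MYADDR)


def compare_orderings() -> Dict[Tuple[str, str, str], str]:
    """Verdicts for both inbound rule sets under both filter/NAT orderings."""
    out: Dict[Tuple[str, str, str], str] = {}
    for name, rules in (("posted", POSTED_RULES), ("ingress", INGRESS_RULES)):
        for after in (False, True):
            order = "after_nat" if after else "before_nat"
            out[(name, order, "legit")] = inbound_verdict(rules, LEGIT_REPLY, after)
            out[(name, order, "spoof")] = inbound_verdict(rules, SPOOFED, after)
    return out


if __name__ == "__main__":
    for key, verdict in compare_orderings().items():
        print(key, verdict)
```

Under the "after_nat" ordering the destination-keyed rule set denies the legitimate reply as well, because de-NAT has already rewritten the destination to the LAN host, whereas the source-keyed ingress rule gives the same verdict in both orderings since NAT never touches the inbound source address. The egress rule set is the outbound mirror image: anything leaving with a non-internal source before NAT is dropped.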