Routing and security

Martin Kraus martin.kraus at wujiman.net
Tue Dec 3 14:04:06 CET 2013


On Tue, Dec 03, 2013 at 01:04:03PM +0100, Alessandro Brega wrote:
>    Set up firewall (iptables) rules so that only traffic with a destination
>    of my own IP space is accepted from other IXP participants. Drop any other
>    traffic from IXP participants.

Hi. Implementing BCP38 on your outgoing interfaces, where you allow only IP
packets with a source IP address from your address allocation, should prevent
that and also protect others from spoofing attacks from your own network.

On the downside, you'd have to process their traffic on the router, or even
route it through your internal network if your upstream is somewhere else, but
I don't think they would be pointing their static route at you for long if
you drop the packets in the end.

cheers
mk
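
The two filters discussed in this message, the quoted destination check on traffic from IXP participants and the BCP38 source check on outgoing interfaces, as an added example that is not part of the original post: a shell function that prints an iptables-restore fragment. The interface names `ixp0` and `up0` and the documentation prefixes are assumptions standing in for the real setup.

```shell
#!/bin/sh
# Added example. Constructed values (assumptions, not from the message):
IXP_IF="ixp0"                               # interface on the IXP peering LAN
EGRESS_IFS="ixp0 up0"                       # interfaces where traffic leaves the network
MY_PREFIXES="192.0.2.0/24 198.51.100.0/24"  # documentation prefixes, stand-ins for the own allocation

# Print an iptables-restore fragment for the filter table.
#   $1 IXP-facing interface, $2 egress interfaces, $3 own prefixes
# Only FORWARD is touched, so sessions terminating on the router itself
# (for example BGP on the peering LAN) stay under INPUT/OUTPUT as before.
gen_rules() {
    ixp_if=$1; egress_ifs=$2; prefixes=$3
    echo "*filter"
    echo ":IXP_IN - [0:0]"
    echo ":BCP38_OUT - [0:0]"
    # Inbound from IXP participants: checked on destination address.
    echo "-A FORWARD -i $ixp_if -j IXP_IN"
    # Outbound on every egress interface: checked on source address (BCP38).
    for ifc in $egress_ifs; do
        echo "-A FORWARD -o $ifc -j BCP38_OUT"
    done
    # Own prefixes pass both checks and continue through FORWARD.
    for p in $prefixes; do
        echo "-A IXP_IN -d $p -j RETURN"
        echo "-A BCP38_OUT -s $p -j RETURN"
    done
    # Anything that did not match an own prefix is dropped.
    echo "-A IXP_IN -j DROP"
    echo "-A BCP38_OUT -j DROP"
    echo "COMMIT"
}

gen_rules "$IXP_IF" "$EGRESS_IFS" "$MY_PREFIXES"
```

The output can be checked with `iptables-restore --test` before it is loaded; loading it without `--noflush` replaces the existing filter table.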


