Re: Block martians with source address 127.0.0.1
From: Patrick Benson (bensonchello.se)
Date: Mon May 31 2004 - 17:15:11 CDT
Bjørn Rasmussen wrote:
> I've a firewall connected to the Internet via an ISDN-line. Sometimes
> martians arrive from the Internet with source address 127.0.0.1. I want
> to block these packets, but I don't find any way to set up the rules to
> accomplish this.
> Normally I use "fwbuilder" to set up my rules, but since the martians
> were not blocked by the spoofing-rules generated by "fwbuilder", I tried
> a simple test using iptables-commands directly.
> I added these rules as the only ones to the input chain on my
> iptables -A INPUT -i eth0 -s 127.0.0.1 -j LOG
> iptables -A INPUT -i eth0 -s 127.0.0.1 -j DROP
> iptables -A INPUT -i eth0 -s -j LOG
> iptables -A INPUT -i eth0 -s -j DROP
> From a client on my LAN, I used the command "nmap -e <LAN-interface on
> client> -S 127.0.0.1 <ip-addr. of firewall's LAN-interface>" to spoof the
> localhost address.
> The kernel on the firewall logs these packets as martians which it
> should do, but my rules will not log or block these packets. Anybody
> who knows how to do it? Is it possible? I guess there are situations
> where malicious persons could at least perform a DoS-attack?
You may want to take a look at Shorewall: http://shorewall.net/
which uses the BOGON feature:
You can process the packets normally, silently drop them or log them.
A complete list of BOGONS can be found at:
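As an added example, not part of Bjørn's question or Patrick's reply: the reason the INPUT rules in the question never fire is that the kernel's route lookup runs between the PREROUTING and INPUT hooks, and a packet arriving on a non-loopback interface with a 127.0.0.0/8 source is discarded there as a martian (and logged when net.ipv4.conf.*.log_martians is set), so it never reaches INPUT. Rules in the raw table's PREROUTING chain run before the routing decision and do see such packets. The script below generates (but does not execute) PREROUTING rules for a list of bogon source prefixes and reports the relevant per-interface sysctls; the interface name eth0 and the prefix list are assumptions for illustration, and the list is deliberately short rather than a complete bogon table.

```shell
#!/bin/sh
# Added example (not from the original thread): emit iptables rules that catch
# spoofed/bogon source addresses in the raw table's PREROUTING chain, which runs
# before the routing decision. The INPUT chain never sees a packet the route lookup
# has already rejected as a martian, so rules there cannot log or drop it; PREROUTING can.
# The interface name and the prefix list below are assumptions for illustration.

# Source prefixes that must never arrive from the Internet (constructed, not exhaustive).
BOGON_SRC="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 224.0.0.0/4 240.0.0.0/4"

# Print the rules for one interface so they can be reviewed first and then piped to
# "sh" on the firewall. Loopback-sourced packets are legitimate only on lo, so
# 127.0.0.0/8 is matched with "! -i lo" rather than only on the external interface;
# LOG is rate-limited so a flood of spoofed packets cannot fill the log.
gen_bogon_rules() {
    ifname="${1:-eth0}"
    for net in $BOGON_SRC; do
        if [ "$net" = "127.0.0.0/8" ]; then
            match="! -i lo -s $net"
        else
            match="-i $ifname -s $net"
        fi
        printf 'iptables -t raw -A PREROUTING %s -m limit --limit 5/min -j LOG --log-prefix "BOGON-SRC: "\n' "$match"
        printf 'iptables -t raw -A PREROUTING %s -j DROP\n' "$match"
    done
}

# Report how the kernel itself treats martians on an interface, for diagnosis:
# log_martians=1 produces the "martian source" lines in the kernel log, and rp_filter
# drops packets whose source address is not routable back via the arriving interface.
# Prints "unknown" when /proc is not available (e.g. when run off the firewall).
martian_sysctl_report() {
    ifname="${1:-eth0}"
    for key in log_martians rp_filter; do
        f="/proc/sys/net/ipv4/conf/$ifname/$key"
        if [ -r "$f" ]; then
            printf '%s=%s\n' "$key" "$(cat "$f")"
        else
            printf '%s=unknown\n' "$key"
        fi
    done
}

# Number of rules generated (two per prefix), a quick sanity check before applying.
count_rules() {
    gen_bogon_rules "$1" | wc -l | tr -d ' '
}

# Usage on the firewall, after reviewing the output:
#   gen_bogon_rules eth0            # inspect
#   gen_bogon_rules eth0 | sh       # apply
#   martian_sysctl_report eth0      # check kernel-side handling
```

Verify the placement afterwards with `iptables -t raw -L PREROUTING -v -n` while repeating the nmap test from the question: the packet counters on the raw-table rules increase, while the same rules in INPUT stay at zero because the martian check has already dropped the packet.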