I'm trying to understand what can be done about IP spoofing in
an environment where there is no router to filter packets. Let's
say your firewall doesn't include a packet filter, and you're
exposing a dual-homed gateway to the internet which is running
netacl or tcp wrappers. One interface is to the outside world,
the other is to your internal networks.
Would it be possible for netacl to do a getsockname() and see which
interface the packet arrived on, and if getpeername() said it was
from one of the internal nets, but getsockname() said it came in
on the outside network interface, just close() the connection and
Would this be a reasonable thing to add to netacl or tcp wrappers?
-Jonathan hue @
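
The check asked about above, written as an inetd-style wrapper hook; this is an added example, not part of the original post and not netacl or tcp wrappers code. The function names and the addresses are constructed assumptions. Note that getsockname() returns the local address the connection was made to, so it identifies the arrival interface only if the host refuses packets for its inside address on the outside interface.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed example topology (assumptions, not taken from the post). */
#define EXTERNAL_IF_ADDR "192.0.2.1"   /* gateway's outside address */
#define INTERNAL_NET     "10.0.0.0"    /* inside network */
#define INTERNAL_MASK    "255.0.0.0"

/* Dotted quad to host byte order; 0 on parse failure. */
static uint32_t ip(const char *s) {
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* Hypothetical helper: 1 if the peer claims an inside source address
 * while the connection terminated on the outside address. */
int looks_spoofed(uint32_t local, uint32_t peer) {
    int peer_internal = (peer & ip(INTERNAL_MASK)) == ip(INTERNAL_NET);
    int on_external   = (local == ip(EXTERNAL_IF_ADDR));
    return peer_internal && on_external;
}

/* Hypothetical wrapper hook: 1 = refused (fd closed), 0 = allowed,
 * -1 = could not determine the addresses (caller should refuse). */
int screen_connection(int fd) {
    struct sockaddr_in local, peer;
    socklen_t llen = sizeof local, plen = sizeof peer;
    if (getsockname(fd, (struct sockaddr *)&local, &llen) < 0 ||
        getpeername(fd, (struct sockaddr *)&peer, &plen) < 0)
        return -1;
    if (local.sin_family != AF_INET || peer.sin_family != AF_INET)
        return -1;
    if (looks_spoofed(ntohl(local.sin_addr.s_addr),
                      ntohl(peer.sin_addr.s_addr))) {
        close(fd);
        return 1;
    }
    return 0;
}

/* Under inetd the accepted socket is fd 0; exit non-zero unless allowed. */
int main(void) {
    return screen_connection(0) == 0 ? 0 : 1;
}
```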