Do some spoofchecks even in IPv6. This is probably not complete
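#!/bin/bash -e
#
# drop_spoofed_packets_
#
# Drop every packet which is surely spoofed.
#
# Hooks the 'spoofcheck' chain into the chain selected by the plugin
# argument, once for IPv4 (iptables) and once for IPv6 (ip6tables).
#
# Arguments: $1     - handed to getOption to obtain the chain to hook into
# Outputs:   fd 3   - the generated iptables / ip6tables commands
#            stdout - progress message
#            stderr - error messages
#
# Maximilian Wilhelm <max@rfc2324.org>
#  --  Mon, 24 Apr 2006 19:57:56 +0200
#

. /usr/share/alff/lib/plugin-routines

chain=$(getOption "$1")

if [ -n "${chain}" ]; then

        # Start from a known state. The original assigned to a misspelled
        # name ('vaild_chain'), so 'valid_chain' was never reset here and a
        # value inherited from the environment or from the sourced library
        # could have let an unchecked chain name through.
        valid_chain='false'
        case "${chain}" in
                INPUT|FORWARD)
                        # Built-in chains need no existence check.
                        valid_chain='true'
                        ;;
                *)
                        # NOTE(review): this tests "$1", not "${chain}", although
                        # the rules below are appended to ${chain} - confirm
                        # against getOption/chainExists which of the two is meant.
                        if chainExists "${1}" "filter"; then
                                valid_chain='true'
                        fi
                        ;;
        esac

        if [ "${valid_chain}" = 'true' ]; then
                echo " * Creating rule to DROP spoofed packets... "
                # ${chain} is interpolated into command lines written to fd 3;
                # the validation above is the only thing constraining its value.
                # NOTE(review): nothing here verifies that a 'spoofcheck' chain
                # exists for iptables or for ip6tables before jumping to it.
                echo "iptables -A ${chain} -j spoofcheck" >&3
                echo "ip6tables -A ${chain} -j spoofcheck" >&3
        else
                # NOTE(review): the message names 'spoofcheck', but the check
                # that failed was on the chain to hook into - confirm the wording.
                echo "Error: Chain \"spoofcheck\" does not exist, but should be hooked in into ${chain}!">&2
        fi
else
        echo "Error: You did not specify the chain in which 'spoofcheck' should be hooked in" >&2
fi

# NOTE(review): both error paths only print to stderr; the script still ends
# with status 0, so a caller cannot tell from the exit code that no
# anti-spoofing rule was emitted. Consider failing the plugin instead.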