Cheat Sheets

Network - IP Spoofing

Description

Ensures that IP spoofing protection is enabled

Solution

echo 'net.ipv4.conf.all.rp_filter=1' >/etc/sysctl.d/50-net.ipv4.conf.all.rp_filter.conf

Check Script: network-rp-filter.sh

#!/bin/bash

if [[ $(/sbin/sysctl -n net.ipv4.conf.all.rp_filter 2>/dev/null) == 1 ]]; then result_failed "net.ipv4.conf.all.rp_filter is not 1" fi
Comment on Disqus