IPv6 protection for Netfilter<br />
The bad ruleset<br />
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
ip6tables -A FORWARD -i $CLIENT_IFACE ! -s $CLIENT_NET -j DROP<br />
The attack packet is valid for Netfilter.<br />
It belongs to an established connection.<br />
It is accepted by the first rule and never reaches the anti-spoofing rule.<br />
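The ordering problem described above can be checked mechanically. The following is an added example, not code from the slides or from Netfilter: a heuristic audit that flags anti-spoofing drops placed after a state-based ACCEPT in the same chain. The interface name `eth1`, the `2001:db8:1::/64` prefix, the reordered ruleset and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample: the slide's ruleset with its variables expanded
# (eth1 and the 2001:db8::/32 documentation prefix are assumed values).
BAD = """\
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i eth1 ! -s 2001:db8:1::/64 -j DROP
"""
# Constructed variant: same rules, anti-spoofing check evaluated first.
REORDERED = """\
ip6tables -A FORWARD -i eth1 ! -s 2001:db8:1::/64 -j DROP
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

def parse(line):
    """Return (chain, is_state_accept, is_antispoof_drop), or None if not an -A rule."""
    tok = shlex.split(line)
    if "-A" not in tok:
        return None
    chain = tok[tok.index("-A") + 1]
    target = tok[tok.index("-j") + 1] if "-j" in tok else None
    states = set()
    for flag in ("--state", "--ctstate"):
        if flag in tok:
            states |= set(tok[tok.index(flag) + 1].split(","))
    state_accept = target == "ACCEPT" and bool(states & {"ESTABLISHED", "RELATED"})
    # Anti-spoofing drop: a negated source match ("! -s net") with a DROP target.
    negated_src = any(a == "!" and b in ("-s", "--source")
                      for a, b in zip(tok, tok[1:]))
    return chain, state_accept, negated_src and target == "DROP"

def shadowed_antispoof(ruleset):
    """List (rule_no, accept_rule_no, rule) for anti-spoofing drops that a
    packet matching an earlier state ACCEPT in the same chain never reaches."""
    first_accept, findings = {}, []
    for no, line in enumerate(ruleset.splitlines(), 1):
        parsed = parse(line) if line.strip() else None
        if parsed is None:
            continue
        chain, state_accept, antispoof = parsed
        if state_accept:
            first_accept.setdefault(chain, no)
        elif antispoof and chain in first_accept:
            findings.append((no, first_accept[chain], line.strip()))
    return findings

if __name__ == "__main__":
    for name, rules in (("bad", BAD), ("reordered", REORDERED)):
        print(name, shadowed_antispoof(rules))
```

The check is a heuristic: it only recognises the `! -s` form of a negated source match and does not account for interface restrictions on the ACCEPT rule.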
Éric Leblond, Victor Julien (OISF) The menace came from below Hack.lu 2012 35 / 66