> Rob,
> You stated:
> "When you are worried about intrusions it is probably more effective to
> block IPIP packets from sources that are not in the gateway list. I do
> that as well (via ampr-ripd)."
> What command/script do you use to add the endpoints to iptables?
I have posted it before on this mailing list:
http://hamradio.ucsd.edu/mailman/private/44net/2014-November/003577.html
This script manipulates an iptables chain. It would be possible to do a similar
thing with the "ipset" command to manipulate an address list when you are
familiar with that (I wasn't when I wrote this script).
The advantage of using iptables is that you have statistics per rule in the table,
so you can see which IPIP peers are sending traffic to you. New versions
of ipset support counters but the one I am running doesn't.
With a command like this you get a quick overview of your active IPIP peers:
iptables -L ipipfilter -vn | grep -v ' 0 ACCE'
Rob
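For readers without access to the private archive, here is an added example (not Rob's script) of the approach he describes: a chain named ipipfilter that ACCEPTs IP protocol 4 (IPIP) only from the gateway endpoints in a list file and drops the rest, one rule per peer so that the per-rule counters shown by "iptables -L ipipfilter -vn" tell you which peers are active. The list format (one endpoint IPv4 address per line, "#" comments allowed), the DRY_RUN switch and the final DROP rule are assumptions of this example.

```sh
#!/bin/sh
# Added example: maintain an "ipipfilter" chain from a gateway endpoint list.
# Assumed list format: one public IPv4 endpoint per line, '#' starts a comment.
# DRY_RUN=1 prints the iptables commands instead of executing them.

IPT=${IPT:-iptables}
CHAIN=${CHAIN:-ipipfilter}

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a plain dotted quad with octets 0-255; anything else is rejected
# so that a corrupt list line cannot turn into an unintended iptables rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Rebuild the chain: flush, one ACCEPT per gateway, then a final DROP,
# and make sure INPUT sends all IPIP (protocol 4) traffic through it.
build_ipip_rules() {
    gwfile=$1
    count=0
    run $IPT -N "$CHAIN" 2>/dev/null   # no-op if the chain already exists
    run $IPT -F "$CHAIN"
    while read -r gw _; do
        gw=${gw%%#*}                    # drop trailing comment
        [ -n "$gw" ] || continue
        valid_ipv4 "$gw" || { echo "skipping bad entry: $gw" >&2; continue; }
        run $IPT -A "$CHAIN" -s "$gw" -p 4 -j ACCEPT
        count=$((count + 1))
    done < "$gwfile"
    run $IPT -A "$CHAIN" -p 4 -j DROP
    if [ "${DRY_RUN:-0}" = "1" ] || ! $IPT -C INPUT -p 4 -j "$CHAIN" 2>/dev/null; then
        run $IPT -I INPUT -p 4 -j "$CHAIN"
    fi
    echo "$CHAIN: $count gateway rules" >&2
}

# Usage: DRY_RUN=1 ./ipipfilter.sh /path/to/gateways.txt
if [ $# -gt 0 ]; then build_ipip_rules "$1"; fi
```

Run it again whenever the gateway list changes; the chain is flushed and rebuilt, so the counters start from zero after each rebuild.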