ip_spoofing.fw

#!/bin/bash
# A Linux Shell Script with common rules for IPTABLES Firewall.
# This script is for avoiding IP Spoofing attack
# -------------------------------------------------------------------------
# Copyright (c) 2012 Naqsh Jahan Toos Inc. <http://jnaqsh.com/>
# This script is licensed under GNU GPL version 3.0 or above
# -------------------------------------------------------------------------

echo "Starting IP Spoofing wall..."

PUB_IF="eth0" # connected to internet
SERVER_IP="`cat /root/iptables_firewall/server_ip`" # server IP

# Add your IP range/IPs here,
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3"

IPT="/sbin/iptables" # path to iptables


# Drop packet that claiming from our own server
$IPT -A INPUT -i $PUB_IF -s $SERVER_IP -j DROP
$IPT -A OUTPUT -o $PUB_IF -s $SERVER_IP -j DROP

for ip in $SPOOF_IPS
do
  $IPT -A INPUT -i $PUB_IF -s $ip -j DROP
  $IPT -A OUTPUT -o $PUB_IF -s $ip -j DROP
done