Using rp_filter against internal network spoofing

Many kernel services and options can be configured through the /proc filesystem. To prevent IP spoofing, /proc provides the rp_filter configuration files.

rp_filter

An integer value that determines whether source validation should be performed: 1 means yes, 0 means no. It is disabled by default, but protection against local/broadcast address spoofing is always on. If you set this to 1 on a router that is the only connection for a network to the net, it will prevent spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules.

There is an rp_filter file for each interface in the system. You can find these files in:

/proc/sys/net/ipv4/conf

Here you’ll find one subdirectory for each interface the system knows about and one directory called all. Changes in the all subdirectory affect all interfaces, whereas changes in the other subdirectories affect only one interface. All directories have the same entries.

gg1@xappsoftware:~$ ls -al /proc/sys/net/ipv4/conf/
total 0
dr-xr-xr-x 0 root root 0 2009-09-27 18:05 .
dr-xr-xr-x 0 root root 0 2009-09-27 18:05 ..
dr-xr-xr-x 0 root root 0 2009-09-27 18:05 all
dr-xr-xr-x 0 root root 0 2009-09-27 18:05 default
dr-xr-xr-x 0 root root 0 2009-09-27 18:40 eth0
dr-xr-xr-x 0 root root 0 2009-09-27 18:40 lo
dr-xr-xr-x 0 root root 0 2009-09-27 18:40 pan0
dr-xr-xr-x 0 root root 0 2009-09-27 18:40 wlan0
dr-xr-xr-x 0 root root 0 2009-09-27 18:40 wmaster0
gg1@xappsoftware:~$ 

To change the rp_filter setting on the interface eth0, type the following command. The value is piped through sudo tee because with sudo echo "1" > file the redirection is performed by the unprivileged shell, so the write fails:

gg1@xappsoftware:~$ echo "1" | sudo tee /proc/sys/net/ipv4/conf/eth0/rp_filter

To restore the previous setting, type the following command:

gg1@xappsoftware:~$ echo "0" | sudo tee /proc/sys/net/ipv4/conf/eth0/rp_filter
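The following added example (not part of the original post) goes one step beyond the commands above: it reports the value the kernel actually applies per interface. It relies on the rule in the kernel's ip-sysctl documentation that source validation uses the maximum of conf/all/rp_filter and conf/<interface>/rp_filter, and on value 2 (loose mode) existing on newer kernels; the function names rp_effective and rp_audit are hypothetical.

```shell
#!/bin/sh
# Added example: audit the rp_filter value that is really in effect.
# Kernel rule (ip-sysctl documentation): for each interface the kernel uses
#   max(conf/all/rp_filter, conf/<interface>/rp_filter)
# so writing 0 to eth0/rp_filter does NOT disable the check while all/ is 1.
# Values: 0 = no source validation, 1 = strict, 2 = loose (newer kernels).

RP_CONF_DIR=/proc/sys/net/ipv4/conf

# rp_effective IFACE [CONF_DIR] -> prints the effective value for IFACE
rp_effective() {
    _d=${2:-$RP_CONF_DIR}
    _all=$(cat "$_d/all/rp_filter" 2>/dev/null) || return 1
    _own=$(cat "$_d/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$_all" -gt "$_own" ]; then echo "$_all"; else echo "$_own"; fi
}

# rp_audit [CONF_DIR] -> one line per interface.
# Returns 1 if at least one interface has no source validation at all.
rp_audit() {
    _dir=${1:-$RP_CONF_DIR}
    _rc=0
    for _path in "$_dir"/*/; do
        _if=$(basename "$_path")
        # "all" and "default" are templates, not real interfaces
        case $_if in all|default) continue ;; esac
        _eff=$(rp_effective "$_if" "$_dir") || continue
        case $_eff in
            0) _state="NO source validation"; _rc=1 ;;
            1) _state="strict" ;;
            2) _state="loose" ;;
            *) _state="unknown" ;;
        esac
        echo "$_if configured=$(cat "$_path/rp_filter") effective=$_eff ($_state)"
    done
    return $_rc
}
```

Source the file and call rp_audit with no arguments to check the live system; a non-zero return status means at least one interface accepts packets without source validation.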

 

gg1

 

Posted by at September 27, 2009
Filed in category: Bash Tip & Tricks, linux, UNIX TLC

4 Responses to Using rp_filter against internal network spoofing

  1. Daniel says:

    If you want to change the configuration for all the interfaces at once, you shall type:
    ~$ echo "0" | sudo tee /proc/sys/net/ipv4/conf/all/rp_filter

    Daniel

  2. admin says:

    Thank you Daniel

  3. SeLLer says:

    Why do you add new posts so rarely??

  4. admin says:

    Why are you adding posts so rarely?

    Because I don’t have a lot of time to dedicate to the blog, I’m working hard for my company, so when I have time to spend I use it to publish some posts.
    Thank you for your interest, I want to ask you which posts do you like more?
