Securing the Network in Oracle® Solaris 11.2

Exit Print View

 
Updated: August 2014
 
 

How to Specify IP Addresses to Protect Against IP Spoofing

Before You Begin

The ip-nospoof protection type is enabled, as shown in How to Enable Link Protection.

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  1. Verify that you have enabled protection against IP spoofing. 
    # dladm show-linkprop -p protection link
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
link      protection      rw   ip-nospoof   ip-nospoof   --        mac-nospoof,
                                                                  restricted,
                                                                  ip-nospoof,
                                                                  dhcp-nospoof
  2. Add IP addresses to the list of default values for the allowed-ips link property. 
    # dladm set-linkprop -p allowed-ips=IP-addr[,IP-addr,...] link

    The following example shows how to add the IP addresses 10.0.0.1 and 10.0.0.2 to the allowed-ips property for the vnic0 link:

    # dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0

    For more information, see the dladm(1M) man page.

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next