How to Specify IP Addresses to Protect Against IP Spoofing

Language:

Before You Begin

The ip-nospoof protection type is enabled, as shown in How to Enable Link Protection.

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

Verify that you have enabled protection against IP spoofing.

# dladm show-linkprop -p protection link
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
link      protection      rw   ip-nospoof   ip-nospoof   --        mac-nospoof,
                                                                  restricted,
                                                                  ip-nospoof,
                                                                  dhcp-nospoof

Add IP addresses to the list of default values for the allowed-ips link property.
```
# dladm set-linkprop -p allowed-ips=IP-addr[,IP-addr,...] link
```
The following example shows how to add the IP addresses 192.0.2.11 and 192.0.2.12 to the allowed-ips property for the vnic0 link:
```
# dladm set-linkprop -p allowed-ips=192.0.2.11,192.0.2.12 vnic0
```
For more information, see the dladm(8) man page.