Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

How to Specify IP Addresses to Protect Against IP Spoofing

Before You Begin

The ip-nospoof protection type is enabled, as shown in How to Enable Link Protection.

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. Verify that you have enabled protection against IP spoofing.
    # dladm show-linkprop -p protection link
    LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
    link      protection      rw   ip-nospoof   ip-nospoof   --        mac-nospoof,
                                                                      restricted,
                                                                      ip-nospoof,
                                                                      dhcp-nospoof
  2. Add IP addresses to the list of default values for the allowed-ips link property.
    # dladm set-linkprop -p allowed-ips=IP-addr[,IP-addr,...] link

    The following example shows how to add the IP addresses 192.0.2.11 and 192.0.2.12 to the allowed-ips property for the vnic0 link:

    # dladm set-linkprop -p allowed-ips=192.0.2.11,192.0.2.12 vnic0

    For more information, see the dladm(1M) man page.