drumgeek wrote in linux

iptables question

Does anyone know if there is a way to do OpenBSD-style "scrubbing" of packets on a Linux/iptables router/firewall?

i.e., stripping the do-not-fragment (DF) flag, and setting the IP value to 0 for all traffic originating inside my firewall?

Essentially, I would like to make my firewall as stealthy as possible, defeating known procedures to detect NAT routers.

I know you can use the mangle target to standardize TTL values (albeit with a kernel patch), but I am curious about the other methods.

I'm using Debian stable, with the 2.4.18 kernel.

Thanks.
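As an added illustration (not part of the post, and not an iptables rule), the following Python models what the scrub described above does to an outbound IPv4 header: it clears DF, zeroes the identification field (I take "IP value" in the post to mean the IP ID), pins the TTL to an assumed value of 64, and recomputes the header checksum on a constructed sample packet, so the fields an outside observer could compare can be checked before and after.

```python
import struct

DF_FLAG = 0x4000  # "don't fragment" bit in the flags/fragment-offset word


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header (checksum field zeroed by caller)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def header_fields(packet: bytes) -> tuple:
    """Return (ttl, df_set, ip_id): the fields a NAT-detection heuristic would look at."""
    ip_id = struct.unpack_from("!H", packet, 4)[0]
    flags_frag = struct.unpack_from("!H", packet, 6)[0]
    return packet[8], bool(flags_frag & DF_FLAG), ip_id


def scrub_ipv4(packet: bytes, ttl: int = 64) -> bytes:
    """Normalise an IPv4 packet: clear DF, zero the ID, set a fixed TTL, fix the checksum.
    The TTL of 64 is an assumption, not a value from the post."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    struct.pack_into("!H", hdr, 4, 0)                       # identification -> 0
    flags_frag = struct.unpack_from("!H", hdr, 6)[0]
    struct.pack_into("!H", hdr, 6, flags_frag & ~DF_FLAG)   # strip DF, keep MF/offset
    hdr[8] = ttl                                            # standardise TTL
    struct.pack_into("!H", hdr, 10, 0)                      # zero checksum before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def build_sample() -> bytes:
    """Constructed sample: 192.168.1.10 -> 10.0.0.1, UDP, TTL 128, DF set, ID 0x1234, 8-byte payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, DF_FLAG, 128, 17, 0,
                                bytes([192, 168, 1, 10]), bytes([10, 0, 0, 1])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"\x00" * 8


if __name__ == "__main__":
    pkt = build_sample()
    print("before:", header_fields(pkt), "after:", header_fields(scrub_ipv4(pkt)))
```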