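#!/bin/bash
#
# Anti-spoofing filter for a server whose internet-facing interface is INT_IF.
#
# Drops packets that arrive on INT_IF claiming a source address that can only
# be forged there (this server's own IP, the internal LAN, reserved ranges),
# and stops this host from emitting packets with LAN or reserved source
# addresses on that interface.
#
# Notes for whoever deploys this:
#   - Must run as root.
#   - Rules are appended (-A), so they only see packets that no earlier rule
#     in the chain has already accepted. Load this before broad ACCEPT rules.
#   - iptables covers IPv4 only; IPv6 needs equivalent ip6tables rules.

set -u

INT_IF="eth1"               # interface connected to the internet
SERVER_IP="202.54.10.20"    # this server's address on INT_IF
# The page shows this variable with its name masked ("***_RANGE"), which bash
# cannot assign to; LAN_RANGE restores a valid identifier.
LAN_RANGE="192.168.1.0/24"  # internal LAN range

# Source ranges that must never appear on the internet side. Add more here.
SPOOF_IPS=(
  0.0.0.0/8
  127.0.0.0/8
  10.0.0.0/8
  172.16.0.0/12
  192.168.0.0/16
  224.0.0.0/3
)

IPT="/sbin/iptables"        # path to iptables
ACTION="DROP"               # default action, can be DROP or REJECT

if [[ ! -x "$IPT" ]]; then
  printf '%s: not found or not executable\n' "$IPT" >&2
  exit 1
fi

# Append a rule unless an identical one is already in the chain, so running
# the script twice does not stack duplicate rules.
# Arguments: chain name followed by the rule specification.
add_rule() {
  "$IPT" -C "$@" 2>/dev/null || "$IPT" -A "$@"
}

status=0

# Inbound packets on the internet side that claim to come from this server.
add_rule INPUT -i "$INT_IF" -s "$SERVER_IP" -j "$ACTION" || status=1
# Deliberately no OUTPUT counterpart: SERVER_IP is the legitimate source of
# everything this host sends out INT_IF, so an OUTPUT rule matching
# "-o INT_IF -s SERVER_IP" would drop all of the server's own traffic.

# Packets on the internet side that claim to come from the internal LAN.
add_rule INPUT -i "$INT_IF" -s "$LAN_RANGE" -j "$ACTION" || status=1
add_rule OUTPUT -o "$INT_IF" -s "$LAN_RANGE" -j "$ACTION" || status=1

# Reserved, private, loopback and multicast sources, in both directions.
for ip in "${SPOOF_IPS[@]}"; do
  add_rule INPUT -i "$INT_IF" -s "$ip" -j "$ACTION" || status=1
  add_rule OUTPUT -o "$INT_IF" -s "$ip" -j "$ACTION" || status=1
done

# Non-zero if any rule could not be installed, so a partial ruleset is noticed.
exit "$status"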
Ayrıca /etc/sysctl.conf dosyasına "net.ipv4.conf.all.rp_filter = 1" satırını ekleyin; ayarın yeniden başlatmadan etkin olması için "sysctl -p" komutunu çalıştırın.
Bu konu hakkında bir şeyler araştırırken bu bash scriptini buldum. Biri işe yarayıp yaramadığını test edebilir mi?