The best information comes straight from the IP Chains How To:
IP spoofing is a technique where a host sends out packets which claim to be from another host. Since packet filtering makes decisions based on this source address, IP spoofing is used to fool packet filters. It is also used to hide the identity of attackers using SYN attacks, Teardrop, Ping of Death and the like (don't worry if you don't know what they are).
The best way to protect from IP spoofing is called Source Address Verification, and it is done by the routing code, and not firewalling at all. Look for a file called rp_filter by doing this:
ls -l /proc/sys/net/ipv4/conf/all/rp_filter [Enter]
If this exists, then turning on Source Address Verification at every boot is the right solution for you. To do that, insert the following lines in your init script (for Red Hat based distributions, use the /etc/rc.d/rc.sysinit script), immediately after /proc is mounted:
# This is the best method: turn on Source Address Verification and
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
  echo -n "Setting up IP spoofing protection..."
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 1 > $f
  done
  echo "done."
else
  echo PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED.
  echo "CONTROL-D will exit from this shell and continue system startup."
  echo
  # Start a single user shell on the console
  /sbin/sulogin $CONSOLE
fi
If you cannot do this, you can manually insert rules to protect every interface. This requires knowledge of each interface. The 2.1 kernels automatically reject packets claiming to come from the 127.* addresses (reserved for the local loopback interface, lo).
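Once rp_filter is being set at boot, the check a practitioner wants is one that confirms it actually took effect on every interface. The script below is an added example (not from the IP Chains HOWTO or the original post): it audits rp_filter under a sysctl root and flags any interface left at 0. The function names audit_rp_filter and make_fake_tree are my own, and the optional root argument is there so the check can be exercised against a constructed directory tree rather than the live kernel.

```shell
#!/bin/sh
# Audit reverse-path filtering (Source Address Verification) on every
# interface under a sysctl root. Lists interfaces with rp_filter disabled
# and returns non-zero if any were found, so it can run from a boot
# script or a periodic compliance check.
#
# Linux rp_filter values: 0 = off, 1 = strict reverse-path check,
# 2 = loose check. Only 0 (or an unexpected value) is reported.
#
# ROOT defaults to /proc/sys; passing another root lets the check run
# against a constructed directory tree instead of the live kernel.
audit_rp_filter() {
    local root bad f iface val
    root=${1:-/proc/sys}
    if [ ! -e "$root/net/ipv4/conf/all/rp_filter" ]; then
        echo "rp_filter not available under $root (old kernel or no /proc?)" >&2
        return 2
    fi
    bad=0
    for f in "$root"/net/ipv4/conf/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        case "$val" in
            1|2) ;;                       # protected
            0)   echo "rp_filter OFF on $iface ($f)"; bad=$((bad + 1)) ;;
            *)   echo "unexpected rp_filter value '$val' on $iface" >&2
                 bad=$((bad + 1)) ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sysctl tree (not a real kernel) used to exercise the check:
# everything protected except eth1, which is deliberately left at 0.
make_fake_tree() {
    local tmp i
    tmp=$(mktemp -d)
    for i in all default lo eth0 eth1; do
        mkdir -p "$tmp/net/ipv4/conf/$i"
        echo 1 > "$tmp/net/ipv4/conf/$i/rp_filter"
    done
    echo 0 > "$tmp/net/ipv4/conf/eth1/rp_filter"
    echo "$tmp"
}

# Usage: audit the live kernel (needs /proc mounted) and exit 1 on findings.
# audit_rp_filter || exit 1
```

Note that /proc/sys/net/ipv4/conf/all/rp_filter and the per-interface files are evaluated together by the kernel, so an interface file at 0 is still a finding worth reporting even when "all" is set to 1.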