On Sat, Feb 19, 2005 at 12:13:34AM -0200, Henrique de Moraes Holschuh wrote:
> Also: As far as the kernel is concerned, any local IP is local to *all*
> interfaces, and it will happily reply to it (ARP and so on) if allowed to.
> The rp_filter will often avoid trouble here, BUT routers often have to
> disable rp_filter. So add some rules to the firewall to make sure nothing gets
> into 127.0.0.0/8 unless it is a local packet.

Can't you just leave rp_filter on for lo, or disable it only on those
interfaces on which you are likely to see asymmetric routes arriving?

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------
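
An audit of the per-interface setup discussed above, as an added example that is not part of the original thread: it reports which interfaces end up with no reverse-path check and prints the 127.0.0.0/8 firewall rule the quoted message asks for. The function names and the `CONF_ROOT` parameter are hypothetical; the "larger of `all` and the interface value" rule is taken from the current kernel's ip-sysctl documentation and is an assumption for kernels of the thread's era.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter value per interface.
# CONF_ROOT is a hypothetical parameter so the functions can read a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the value applied on interface $1: the larger of conf/all/rp_filter
# and conf/<iface>/rp_filter (0 = off, 1 = strict, 2 = loose).
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# List interfaces whose effective value is 0, i.e. no reverse-path check.
unfiltered_ifaces() {
    for dir in "$CONF_ROOT"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        case "$ifc" in all|default) continue ;; esac
        [ "$(effective_rp_filter "$ifc")" -eq 0 ] && echo "$ifc"
    done
    return 0
}

# Report unfiltered interfaces and the firewall rule that covers them.
report() {
    list=$(unfiltered_ifaces)
    [ -n "$list" ] || { echo "rp_filter is active on every interface"; return 0; }
    echo "no reverse-path check on:" $list
    echo "firewall rule for the loopback range:"
    echo "  iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP"
}

report
```

Under that rule, setting a single interface to 0 has no effect while `conf/all/rp_filter` is non-zero, so disabling it only on the asymmetric-route interfaces means leaving `all` at 0 and enabling it explicitly on `lo` and the others.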