On 18-Mar-05, 03:28 (CST), Blars Blarson <[EMAIL PROTECTED]> wrote:
> >Linux fails this.  Even with forwarding disabled, it will accept packets
> >for an address on interface A via interface B.
>
> Enable rp_filter and it does reject such packets.
>
> echo 1 >/proc/sys/net/ipv4/conf/${dev}/rp_filter

See, that's a nice theory, but it doesn't actually work. Maybe it's not clear what I'm talking about.

Consider a machine with two interfaces eth0, eth1. Define eth0 as 192.168.0.1 and eth1 as 10.0.0.1. Disable forwarding, set rp_filter on all interfaces. From another machine on 192.168.0/24, set your route for 10/8 to 192.168.0.1. Now ping 10.0.0.1.

For bonus points, do 'ifconfig eth1 down', and then ping from the other machine again. Surprise!

(All with 2.4.18, maybe it's fixed in 2.6.)

Steve

-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net
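
Added example, not part of the original message and not kernel code: a small Python model of the receive decision for the two-interface host described above. It shows that a strict reverse-path check looks only at the source address, so the ping to 10.0.0.1 arriving on eth0 passes it, while a per-interface destination check (the hypothetical strong_host flag, not a Linux setting) would drop it. The client address 192.168.0.2, the /24 and /8 prefix lengths, and all function names are assumptions.

```python
import ipaddress

# Constructed model of the two-interface host from the message above.
LOCAL_ADDRS = {"eth0": "192.168.0.1", "eth1": "10.0.0.1"}
# Connected routes (prefix lengths assumed): prefix -> outgoing interface.
ROUTES = {"192.168.0.0/24": "eth0", "10.0.0.0/8": "eth1"}


def reverse_path_iface(src):
    """Interface the host would use to reach src (longest-prefix match)."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, dev in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def rp_filter_ok(src, in_dev):
    """Strict reverse-path check: examines the SOURCE address only."""
    return reverse_path_iface(src) == in_dev


def accept(src, dst, in_dev, strong_host=False):
    """Return (accepted, reason) for a packet arriving on in_dev.

    strong_host is a hypothetical switch for this model: it adds a check
    that the destination address belongs to the receiving interface.
    """
    if not rp_filter_ok(src, in_dev):
        return False, "rp_filter: source not reachable via " + in_dev
    owner = next((d for d, a in LOCAL_ADDRS.items() if a == dst), None)
    if owner is None:
        return False, "not a local address and forwarding is disabled"
    if strong_host and owner != in_dev:
        return False, "strong host: %s belongs to %s" % (dst, owner)
    return True, "delivered locally (address configured on %s)" % owner


if __name__ == "__main__":
    # The ping from the message: 192.168.0.2 -> 10.0.0.1, arriving on eth0.
    print(accept("192.168.0.2", "10.0.0.1", "eth0"))
    # Same packet with the per-interface destination check added.
    print(accept("192.168.0.2", "10.0.0.1", "eth0", strong_host=True))
    # What the reverse-path check does reject: a 10/8 source seen on eth0.
    print(accept("10.9.9.9", "192.168.0.1", "eth0"))
```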