Plato <[EMAIL PROTECTED]> writes:
> > > echo 1 > /proc/sys/net/ipv4/conf/*/rp_filter
> > > with echo 1 > /proc/sys/net/ipv4/conf/*/log_martians
> > > for logging/fun purposes.
> >
> > rp_filter will not help with that.
>
> I thought that rp_filter was for precisely this. Doesn't it stop packets
> which appear on interfaces with invalid IP addresses for that interface
> from getting through?
It's a return-path filter; if flipping the src/dest IP#s wouldn't send it
back out the same interface, it doesn't come in at all.
So a specially routed packet from a.b.c.d -> 127.0.0.1 coming in on eth0
becomes a packet from 127.0.0.1 -> a.b.c.d going back out
That certainly looks wrong to me, although I'm not /sure/ it would produce
the required interface conflict for rp_filter.
~Tim
--
We're just souls across a |[EMAIL PROTECTED]
shrinking world |http://spodzone.org.uk/
In a distant starlit night |
