Re: Source Address Verification
On Sat, Mar 23, 2002 at 12:34:08PM +0100, Bernd Eckenfels wrote:
> On Sat, Mar 23, 2002 at 02:38:08PM +1100, Jean-Francois Dive wrote:
> > Why only in static route situation ? Would dynamic routes learned by a routing protocol make
> > any differences ? is rp_filter look at the route cache or does a lookup each time?
>
> Yes that works in dyamic situations, too. But there is nu gurantee, that
> incoming packets from a secondary interface are illegal. So it is better to
> run this protection only on a router where only one interface leads to the
> destination.
>
Following the used technique, it should works even on a dual connection, as soon as
you have a route pointing properly to the interface .. At least i suppose..
> Greetings
> Bernd
> --
> (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
> ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
> o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
> (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
-> Jean-Francois Dive
--> jef@linuxbe.org
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: