Re: Required firewall support
In article <[🔎] 20050317221342.GB3155@moregruel.net> steveg@moregruel.net writes:
>On 17-Mar-05, 01:01 (CST), Joel Aelwyn <fenton@debian.org> wrote:
>> * The ability for an interface to receive, by default, only traffic that
>> is destined for that interface. (Non-promiscuous mode; promiscuous mode
>> availability is a big plus, but not required from the OS point of view)
>
>Linux fails this. Even with forwarding disabled, it will accept packets
>for an address on interface A via interface B.
Enable rp_filter and it does reject such packets.
echo 1 >/proc/sys/net/ipv4/conf/${dev}/rp_filter
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
With Microsoft, failure is not an option. It is a standard feature.
Reply to: