[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Required firewall support

In article <[🔎] 20050317221342.GB3155@moregruel.net> steveg@moregruel.net writes:
>On 17-Mar-05, 01:01 (CST), Joel Aelwyn <fenton@debian.org> wrote: 
>> * The ability for an interface to receive, by default, only traffic that
>>   is destined for that interface. (Non-promiscuous mode; promiscuous mode
>>   availability is a big plus, but not required from the OS point of view)
>
>Linux fails this. Even with forwarding disabled, it will accept packets
>for an address on interface A via interface B.

Enable rp_filter and it does reject such packets.

echo 1 >/proc/sys/net/ipv4/conf/${dev}/rp_filter
-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
With Microsoft, failure is not an option.  It is a standard feature.
Reply to: