Re: Spoof protection / RFC1812
On Sat, Jul 14, 2001 at 03:50:31PM +1000, Anthony Towns wrote:
> RFC1812 says that Internet routers should have the ability to avoid
> source address spoofing (eg, sending something that appears to be from
> a private LAN address through your firewall's public internet connection),
> but must not enable it by default.
>
> netbase provides such spoof protection, and enables it by default. It also
> disables IP forwarding by default, effectively putting Debian machines
> into the category of Internet host rather than Internet router, under
> the terms of RFC1812.

I don't think the RFC police will come after any of us if we consider Debian
systems to be Internet hosts, even if they happen to be multi-homed (where such
filters would come into play). If an administrator chooses to use a Debian
system as an IP router, they are responsible for configuring it to adhere to
RFC1812.

For what it's worth, RFC1122 (Host Requirements) does not make any mention of
reverse-path filtering.
--
- mdz