On Feb 23, Junichi Uekawa <dancer@netfort.gr.jp> wrote: > > Also: As far as the kernel is concerned, any local IP is local to *all* > > interfaces, and it will happly reply to it (ARP and so on) if allowed to. > > The rp_filter will often avoid trouble here, BUT routers often have to > > disable rp_filter. So add some rules to the firewall make sure nothing gets > > into 127.0.0.0/8 unless it is a local packet. > So, by this implication, if I use arping and pretend to be 127.0.0.1 > to another host, that host will try to ping the network if I ping 127.0.0.1 > on the target host? No, packets /from/ locally configured addresses coming from external interfaces are always dropped no matter how rp_filter is configured. -- ciao, Marco
Attachment:
signature.asc
Description: Digital signature