[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: First line in /etc/hosts

On Wed, 23 Feb 2005, Paul Hampson wrote:
> On Sat, Feb 19, 2005 at 12:13:34AM -0200, Henrique de Moraes Holschuh wrote:
> > Also: As far as the kernel is concerned, any local IP is local to *all*
> > interfaces, and it will happly reply to it (ARP and so on) if allowed to.
> > The rp_filter will often avoid trouble here, BUT routers often have to
> > disable rp_filter.  So add some rules to the firewall make sure nothing gets
> > into 127.0.0.0/8 unless it is a local packet.
> 
> Can't you just leave rp_filter on for lo, or disable it only on those
> interfaces on which you are likely to see asymmetric routes arriving?

Yes. But rp_filter won't get all instances of trouble trying to reach lo
through some other interface, I think.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
Reply to: