Re: Required firewall support
Hi,

Steve Greenland wrote:
> On 18-Mar-05, 03:28 (CST), Blars Blarson <blarson@blars.org> wrote:
>> >Linux fails this. Even with forwarding disabled, it will accept packets
>> >for an address on interface A via interface B.
>>
>> Enable rp_filter and it does reject such packets.
>>
>> echo 1 >/proc/sys/net/ipv4/conf/${dev}/rp_filter
>
> See, that's a nice theory, but it doesn't actually work.
Umm, rp_filter is for rejecting packets whose *source* address is from the
wrong network.
If you want to block accepting your own address as the *destination*, then
no, there's no config parameter for that. Use iptables rules. :-/
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de
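
The iptables approach suggested in the message above, as an added example that is not part of the original post: a generator that prints rules dropping packets addressed to one interface's IPv4 address when they arrive on any other interface. The chain name `STRICT_DEST`, the interface names and the addresses are constructed for illustration; the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example: rp_filter checks the *source* address only, so the
# destination-side check is expressed as iptables rules instead.

# Constructed sample table, one "<interface> <address>" pair per line.
SAMPLE_ADDRS='eth0 192.0.2.1
eth1 198.51.100.1'

# Reads "<iface> <addr>" lines on stdin and prints iptables commands on stdout.
gen_strict_dest_rules() {
    chain=STRICT_DEST   # hypothetical chain name
    echo "iptables -N $chain"
    # The host's own traffic to its own addresses is delivered via lo and
    # would match every "! -i" rule below, so exempt it first.
    echo "iptables -A $chain -i lo -j RETURN"
    while read -r iface addr; do
        case "$iface" in ''|\#*) continue ;; esac   # blank line or comment
        # Allow only plain interface names and dotted-quad characters, so
        # the printed commands stay safe to pipe into a shell.
        case "$iface" in *[!A-Za-z0-9._-]*) addr='' ;; esac
        case "$addr" in
            ''|*[!0-9.]*)
                echo "skipping malformed entry for: $iface" >&2
                continue ;;
        esac
        # Drop packets for this address unless they arrived on its interface.
        echo "iptables -A $chain -d $addr ! -i $iface -j DROP"
    done
    # Evaluate the chain before any other INPUT rule.
    echo "iptables -I INPUT 1 -j $chain"
}

printf '%s\n' "$SAMPLE_ADDRS" | gen_strict_dest_rules
```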