Re: Required firewall support

To: debian-devel@lists.debian.org
Subject: Re: Required firewall support
From: Steve Greenland <steveg@moregruel.net>
Date: Sun, 20 Mar 2005 11:22:48 -0600
Message-id: <[🔎] 20050320172248.GA6883@moregruel.net>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: Steve Greenland <steveg@moregruel.net>
In-reply-to: <[🔎] pan.2005.03.19.16.00.16.403786@smurf.noris.de>
References: <[🔎] 20050317070119.GW7864@spawn.internal.mnemosyne-consulting.com> <[🔎] 87oedjtndt.fsf@becket.becket.net> <[🔎] 20050316230804.GB14110@wonderland.linux.it> <[🔎] 87ekef2nhv.fsf@becket.becket.net> <[🔎] 20050317033948.GT7864@spawn.internal.mnemosyne-consulting.com> <[🔎] 87d5tzx77g.fsf@becket.becket.net> <[🔎] 20050317070119.GW7864@spawn.internal.mnemosyne-consulting.com> <[🔎] 200503180928.j2I9SgYv012342@renig.nat.blars.org> <[🔎] 20050318195041.GA3304@moregruel.net> <[🔎] pan.2005.03.19.16.00.16.403786@smurf.noris.de>

On 19-Mar-05, 10:00 (CST), Matthias Urlichs <smurf@smurf.noris.de> wrote: 
> 
> Umm, rp_filter is for rejecting packets whose *source* address is from the
> wrong network.

Right. I know this. But what Joel was originally talking about was
rejection of packets on interface A that are destined for an address on
interface B; Joel seemed to be claiming that if this didn't happen by
default, then the OS was a "toy"; I was pointing out that Linux itself
fails this. 

> If you want to block accepting your own address as the *destination*, then
> no, there's no config parameter for that. Use iptables rules. :-/

And that's what we do. But some other OSs (Solaris) do support strict
multihoming with a config parameter, it would be nice if Linux did.

Steve

-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net

Reply to:

Follow-Ups:
- Re: Required firewall support
  - From: David Weinehall <tao@debian.org>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>

References:
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>
- Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: md@Linux.IT (Marco d'Itri)
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Blars Blarson <blarson@blars.org>
- Re: Required firewall support
  - From: Steve Greenland <steveg@moregruel.net>
- Re: Required firewall support
  - From: Matthias Urlichs <smurf@smurf.noris.de>

Prev by Date: Re: Bits (Nybbles?) from the Vancouver release team meeting
Next by Date: Re: NEW handling ...
Previous by thread: Re: Required firewall support
Next by thread: Re: Required firewall support
Index(es):
- Date
- Thread