Re: Required firewall support
On Sun, Mar 20, 2005 at 11:22:48AM -0600, Steve Greenland wrote:
> On 19-Mar-05, 10:00 (CST), Matthias Urlichs <smurf@smurf.noris.de> wrote:
> >
> > Umm, rp_filter is for rejecting packets whose *source* address is from the
> > wrong network.
>
> Right. I know this. But what Joel was originally talking about was
> rejection of packets on interface A that are destined for an address on
> interface B; Joel seemed to be claiming that if this didn't happen by
> default, then the OS was a "toy"; I was pointing out that Linux itself
> fails this.
>
> > If you want to block accepting your own address as the *destination*, then
> > no, there's no config parameter for that. Use iptables rules. :-/
>
> And that's what we do. But some other OSs (Solaris) do support strict
> multihoming with a config parameter, it would be nice if Linux did.

netdev@oss.sgi.com <--- patches go that way.
linux-kernel@vger.kernel.org <--- or possibly that way.
Regards: David Weinehall
--
/) David Weinehall <tao@acc.umu.se> /) Northern lights wander (\
// Maintainer of the v2.0 kernel // Dance across the winter sky //
\) http://www.acc.umu.se/~tao/ (/ Full colour fire (/
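
The iptables approach mentioned in the quoted text, sketched as an added example that is not part of the original thread: a generator that prints one DROP rule for every packet arriving on one interface but destined for an address owned by another. The interface names, the documentation-range addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that approximate strict multihoming,
# i.e. an address is only accepted on the interface that owns it.
# Rules are printed for review, not applied.
#
# Input on stdin: one "interface address" pair per line.
# Leave the loopback interface out of the list: locally originated traffic
# to the host's own addresses arrives via lo and must not be dropped.

strict_multihome_rules() {
    pairs=$(cat)
    # Outer loop: every ingress interface.
    printf '%s\n' "$pairs" | while read -r in_if _; do
        if [ -z "$in_if" ]; then continue; fi
        # Inner loop: every address owned by a *different* interface.
        printf '%s\n' "$pairs" | while read -r own_if addr; do
            if [ -z "$addr" ]; then continue; fi
            if [ "$own_if" = "$in_if" ]; then continue; fi
            printf 'iptables -A INPUT -i %s -d %s -j DROP\n' "$in_if" "$addr"
        done
    done | sort -u   # interfaces with several addresses produce duplicates
}

# Constructed sample: a dual-homed host.
sample_pairs() {
    printf '%s\n' 'eth0 192.0.2.10' 'eth1 198.51.100.10'
}

sample_pairs | strict_multihome_rules
```

This only covers the destination check discussed in the thread; the source-address check remains the job of rp_filter.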