
Re: Required firewall support



On Sun, Mar 20, 2005 at 11:22:48AM -0600, Steve Greenland wrote:
> On 19-Mar-05, 10:00 (CST), Matthias Urlichs <smurf@smurf.noris.de> wrote: 
> > 
> > Umm, rp_filter is for rejecting packets whose *source* address is from the
> > wrong network.
> 
> Right. I know this. But what Joel was originally talking about was
> rejection of packets on interface A that are destined for an address on
> interface B; Joel seemed to be claiming that if this didn't happen by
> default, then the OS was a "toy"; I was pointing out that Linux itself
> fails this. 
> 
> > If you want to block accepting your own address as the *destination*, then
> > no, there's no config parameter for that. Use iptables rules. :-/
> 
> And that's what we do. But some other OSs (Solaris) do support strict
> multihoming with a config parameter, it would be nice if Linux did.

netdev@oss.sgi.com <--- patches go that way.
linux-kernel@vger.kernel.org <--- or possibly that way.


Regards: David Weinehall
-- 
 /) David Weinehall <tao@acc.umu.se> /) Northern lights wander      (\
//  Maintainer of the v2.0 kernel   //  Dance across the winter sky //
\)  http://www.acc.umu.se/~tao/    (/   Full colour fire           (/
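
The iptables approach mentioned in the quoted discussion, as an added example that is not part of the original thread: a small generator that prints INPUT-chain rules dropping packets whose destination address belongs to one interface but which arrive on another. The function name, interface names and addresses are assumptions (documentation-range addresses, constructed sample); the rules are printed for review, not applied, and cover IPv4 only.

```shell
#!/bin/sh
# Approximate strict (strong-host) multihoming with iptables:
# a packet addressed to an IP owned by interface X is dropped when it
# arrives on any interface other than X. rp_filter does not do this,
# since it only validates the *source* address.
#
# stdin : one "interface address" pair per line ('#' and blank lines skipped)
# stdout: iptables commands to review before applying

strict_multihoming_rules() {
    # Locally generated traffic to our own addresses arrives via lo,
    # so accept loopback before the per-address drops.
    printf '%s\n' 'iptables -A INPUT -i lo -j ACCEPT'
    while read -r iface addr rest; do
        case "$iface" in
            ''|'#'*) continue ;;
        esac
        # Exactly two fields are required.
        if [ -z "$addr" ] || [ -n "$rest" ]; then
            echo "skipping malformed line: $iface $addr $rest" >&2
            continue
        fi
        # Refuse anything that is not a plain name or dotted address, so
        # the printed commands are safe to paste into a root shell.
        case "$iface$addr" in
            *[!A-Za-z0-9._-]*)
                echo "skipping unsafe characters: $iface $addr" >&2
                continue ;;
        esac
        printf 'iptables -A INPUT -d %s ! -i %s -j DROP\n' "$addr" "$iface"
    done
}

# Constructed sample input: two interfaces on a multihomed host.
SAMPLE_ADDRS='# iface address
eth0 192.0.2.10
eth1 198.51.100.10
'

sample_rules() {
    printf '%s' "$SAMPLE_ADDRS" | strict_multihoming_rules
}

sample_rules
```

The INPUT chain only sees locally delivered packets, so forwarding between the interfaces is unaffected by these rules.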


