Re: Required firewall support

To: debian-devel@lists.debian.org
Subject: Re: Required firewall support
From: David Weinehall <tao@debian.org>
Date: Mon, 21 Mar 2005 19:39:14 +0100
Message-id: <20050321183914.GD27330@khan.acc.umu.se>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <20050320172248.GA6883@moregruel.net>
References: <87oedjtndt.fsf@becket.becket.net> <20050316230804.GB14110@wonderland.linux.it> <87ekef2nhv.fsf@becket.becket.net> <20050317033948.GT7864@spawn.internal.mnemosyne-consulting.com> <87d5tzx77g.fsf@becket.becket.net> <20050317070119.GW7864@spawn.internal.mnemosyne-consulting.com> <200503180928.j2I9SgYv012342@renig.nat.blars.org> <20050318195041.GA3304@moregruel.net> <pan.2005.03.19.16.00.16.403786@smurf.noris.de> <20050320172248.GA6883@moregruel.net>

On Sun, Mar 20, 2005 at 11:22:48AM -0600, Steve Greenland wrote:
> On 19-Mar-05, 10:00 (CST), Matthias Urlichs <smurf@smurf.noris.de> wrote: 
> > 
> > Umm, rp_filter is for rejecting packets whose *source* address is from the
> > wrong network.
> 
> Right. I know this. But what Joel was originally talking about was
> rejection of packets on interface A that are destined for an address on
> interface B; Joel seemed to be claiming that if this didn't happen by
> default, then the OS was a "toy"; I was pointing out that Linux itself
> fails this. 
> 
> > If you want to block accepting your own address as the *destination*, then
> > no, there's no config parameter for that. Use iptables rules. :-/
> 
> And that's what we do. But some other OSs (Solaris) do support strict
> multihoming with a config parameter, it would be nice if Linux did.

netdev@oss.sgi.com <--- patches goes that way.
linux-kernel@vger.kernel.org <--- or possibly that way.


Regards: David Weinehall
-- 
 /) David Weinehall <tao@acc.umu.se> /) Northern lights wander      (\
//  Maintainer of the v2.0 kernel   //  Dance across the winter sky //
\)  http://www.acc.umu.se/~tao/    (/   Full colour fire           (/

Reply to:

Follow-Ups:
- Re: Required firewall support
  - From: Steve Greenland <steveg@moregruel.net>

References:
- Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: md@Linux.IT (Marco d'Itri)
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>
- Re: Required firewall support
  - From: Blars Blarson <blarson@blars.org>
- Re: Required firewall support
  - From: Steve Greenland <steveg@moregruel.net>
- Re: Required firewall support
  - From: Matthias Urlichs <smurf@smurf.noris.de>
- Re: Required firewall support
  - From: Steve Greenland <steveg@moregruel.net>

Prev by Date: Re: NEW handling: About rejects, and kernels (Was: Re: NEW handling ...)
Next by Date: Re: *** SPAM *** Re: NEW handling: About rejects, and kernels (Was: Re: NEW handling ...)
Previous by thread: Re: Required firewall support
Next by thread: Re: Required firewall support
Index(es):
- Date
- Thread