Re: Required firewall support
On Sun, Mar 20, 2005 at 11:22:48AM -0600, Steve Greenland wrote:
> On 19-Mar-05, 10:00 (CST), Matthias Urlichs <firstname.lastname@example.org> wrote:
> > Umm, rp_filter is for rejecting packets whose *source* address is from the
> > wrong network.
> Right. I know this. But what Joel was originally talking about was
> rejection of packets on interface A that are destined for an address on
> interface B; Joel seemed to be claiming that if this didn't happen by
> default, then the OS was a "toy"; I was pointing out that Linux itself
> fails this.
> > If you want to block accepting your own address as the *destination*, then
> > no, there's no config parameter for that. Use iptables rules. :-/
> And that's what we do. But some other OSs (Solaris) do support strict
> multihoming with a config parameter, it would be nice if Linux did.
email@example.com <--- patches goes that way.
firstname.lastname@example.org <--- or possibly that way.
Regards: David Weinehall
/) David Weinehall <email@example.com> /) Northern lights wander (\
// Maintainer of the v2.0 kernel // Dance across the winter sky //
\) http://www.acc.umu.se/~tao/ (/ Full colour fire (/