[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

The Debian way to turn off accept_source_route.


was just fiddling with my everything-server and thought I noticed what
looked like a bit of source-routed traffic was going through it. I noticed
/proc/sys/net/ipv4/conf/default/accept_source_route was '1', the same as all
the interfaces. After getting a bit worried, it looks like the
../all/accept_source_route was '0'. I'm assuming the '../all/..' overides
the individual interfaces, but then I'm not sure _what_ that little blip of
traffic was.

I know decent firewalling will kill source-routed traffic, but doing
"cat 0 > /proc/sys/net/ipv4/conf/all/accept_source_route" is probably also a
good idea. Does Debian do this somewhere? What is the kernel default? If
Debian doesn't already do this, what is the correct way to do it? The
/etc/network/options will set '../all/forwarding', but nothing else.

ABO: finger abo@minkirri.apana.org.au for more info, including pgp key

Reply to: