The Debian way to turn off accept_source_route.
G'day,
was just fiddling with my everything-server and thought I noticed what
looked like a bit of source-routed traffic was going through it. I noticed
/proc/sys/net/ipv4/conf/default/accept_source_route was '1', the same as all
the interfaces. After getting a bit worried, it looks like the
../all/accept_source_route was '0'. I'm assuming the '../all/..' overides
the individual interfaces, but then I'm not sure _what_ that little blip of
traffic was.
I know decent firewalling will kill source-routed traffic, but doing
"cat 0 > /proc/sys/net/ipv4/conf/all/accept_source_route" is probably also a
good idea. Does Debian do this somewhere? What is the kernel default? If
Debian doesn't already do this, what is the correct way to do it? The
/etc/network/options will set '../all/forwarding', but nothing else.
--
----------------------------------------------------------------------
ABO: finger abo@minkirri.apana.org.au for more info, including pgp key
----------------------------------------------------------------------
Reply to: