rp_filter (was Re: is iptables enough?)
In article <435C366F075ED211B12200204840172D05869350@petitsuix.coe.int>
Vincent.DEFFONTAINES@coe.int writes:
>Also, I would set some no-spoof rules, like accept 127.0.0.0/8 only from
>interface lo, and drop non-routable stuff coming from public interface.
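# Enable reverse-path source validation on each listed interface;
# "default" sets the value inherited by interfaces created later.
for dev in default eth0 eth1 eth2 eth3 eth4 eth5 eth6
do
    echo 1 >/proc/sys/net/ipv4/conf/${dev}/rp_filter
done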
Much better than trying to put such stuff in iptables. This changes with
your routing tables, and you don't need to duplicate them.
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
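
An added example, not part of the original post: the same setting applied to whatever interfaces actually exist rather than a fixed eth0..eth6 list, plus a check that reports interfaces still left without source validation. The function names and the CONF_DIR override are assumptions made for this sketch; the audit relies on current kernels using the larger of conf/all and conf/<dev> as the effective value.

```shell
#!/bin/sh
# Added example (not from the original post). CONF_DIR is an assumed override
# so the functions can be tried on a scratch directory without root.
CONF_DIR=${CONF_DIR:-/proc/sys/net/ipv4/conf}

# Write 1 (strict reverse-path check) to every rp_filter entry present.
# This covers "all", "default" and each interface that exists right now.
rp_filter_enable() {
    for f in "$CONF_DIR"/*/rp_filter; do
        [ -e "$f" ] || continue            # glob matched nothing
        echo 1 > "$f" || echo "cannot write $f" >&2
    done
}

# Print every interface whose effective value is 0 (no source validation).
# Effective value = max(conf/all/rp_filter, conf/<dev>/rp_filter).
rp_filter_unprotected() {
    all=0
    if [ -r "$CONF_DIR/all/rp_filter" ]; then
        all=$(cat "$CONF_DIR/all/rp_filter")
    fi
    for f in "$CONF_DIR"/*/rp_filter; do
        [ -r "$f" ] || continue
        dev=${f%/rp_filter}
        dev=${dev##*/}
        case $dev in all|default) continue ;; esac
        eff=$(cat "$f")
        if [ "$all" -gt "$eff" ]; then
            eff=$all
        fi
        if [ "$eff" -eq 0 ]; then
            echo "$dev"
        fi
    done
    return 0
}

# Usage (as root): sh rpfilter.sh --apply
if [ "${1:-}" = "--apply" ]; then
    rp_filter_enable
    rp_filter_unprotected
fi
```

Run with --apply at boot, after the interfaces are up; any name it prints is an interface where spoofed source addresses would still be accepted.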