Re: secure installation
On Thu, Aug 16, 2007 at 01:59:03PM +0200, Izak Burger wrote:
> On 8/16/07, Ondrej Zajicek <email@example.com> wrote:
> > And if there is no firewall (or other
> > hand-crafted protective measures), then there is no need for
> > rp_filter. So on common workstation there is no need for
> > rp_filter too.
> I also don't see why you need rp_filter on a workstation. A
> workstation generally has a single default gateway that routes
> incoming and outgoing traffic. Since the netmask is 0.0.0.0,
> absolutely any packet is allowed to come from there, so enabling
> rp_filter would do absolutely nothing.
does it not cover the case of packets arriving at eth0 spoofed as
from 127.0.0.1 ?
what would be a easy way to test that ?