[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

On Thu, Aug 16, 2007 at 01:59:03PM +0200, Izak Burger wrote:
> On 8/16/07, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> > And if there is no firewall (or other
> > hand-crafted protective measures), then there is no need for
> > rp_filter. So on common workstation there is no need for
> > rp_filter too.
> I also don't see why you need rp_filter on a workstation.  A
> workstation generally has a single default gateway that routes
> incoming and outgoing traffic.  Since the netmask is,
> absolutely any packet is allowed to come from there, so enabling
> rp_filter would do absolutely nothing.

does it not cover the case of packets arriving at eth0 spoofed as
from ?

what would be a easy way to test that ?


Reply to: