one of my machines just lost its default route out of the blue. it's not hacked, and process accounting shows absolutely no actions on root's part which could have led to this.

so the only real thing i can think of is an ICMP redirection, and /proc/sys/net/ipv4/conf/eth0/allow_redirect was indeed at 1 (it's changed now). however, the machine also has the following ICMP-relevant iptables rules installed:

  -p icmp --state ESTABLISHED -j ACCEPT
  -p icmp -s 195.226.187.156/32 --icmp-type 8 -j ACCEPT
  -p icmp --icmp-type 8 -j DROP
  -p icmp -j LOG
  -p icmp -j DROP

does the above iptables setup even permit an ICMP redirect? AFAIK, there are only four connection-based ICMP packet types (#8, 13, 15, 17). ICMP redirect is never ESTABLISHED, only RELATED at the most. but in as such, it should have been LOGged and DROPped! the logs show nothing such.

can you think of other reasons why a machine would suddenly decide to lose its default route?

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

   \|/ _____ \|/
   "@'/ , . \`@"
   /_| \___/ |_\
      \___U_/
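As an added example (not part of the original message), the rule list quoted in the post can be modelled as a first-match walk to see which verdict an ICMP redirect (type 5) receives from those five rules alone. It assumes the rules sit in one chain in the listed order with nothing earlier matching ICMP; the `evaluate` helper, the chain policy and the sample packets are constructed for illustration.

```python
"""First-match walk over the ICMP rules quoted in the post (added example)."""
from ipaddress import ip_address, ip_network

# Rules in the order the post lists them. Assumption: one chain, nothing
# earlier in it matches ICMP, and --state comes from the state match.
RULES = [
    {"state": "ESTABLISHED", "target": "ACCEPT"},
    {"src": "195.226.187.156/32", "icmp_type": 8, "target": "ACCEPT"},
    {"icmp_type": 8, "target": "DROP"},
    {"target": "LOG"},
    {"target": "DROP"},
]

def matches(rule, pkt):
    """A rule matches only if every criterion it specifies matches."""
    if "state" in rule and pkt["state"] != rule["state"]:
        return False
    if "icmp_type" in rule and pkt["icmp_type"] != rule["icmp_type"]:
        return False
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    return True

def evaluate(pkt, rules=RULES, policy="ACCEPT"):
    """Return (verdict, logged). LOG does not end the walk; ACCEPT/DROP do."""
    logged = False
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["target"] == "LOG":
            logged = True
            continue
        return rule["target"], logged
    return policy, logged  # assumed chain policy, reached only if no rule ends the walk

# Constructed sample packets; 192.0.2.x are documentation addresses.
SAMPLES = {
    "redirect_related": {"icmp_type": 5, "state": "RELATED", "src": "192.0.2.1"},
    "redirect_invalid": {"icmp_type": 5, "state": "INVALID", "src": "192.0.2.1"},
    "echo_reply": {"icmp_type": 0, "state": "ESTABLISHED", "src": "192.0.2.7"},
    "ping_trusted": {"icmp_type": 8, "state": "NEW", "src": "195.226.187.156"},
    "ping_other": {"icmp_type": 8, "state": "NEW", "src": "192.0.2.9"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} -> {evaluate(pkt)}")
```

The model covers only the five quoted rules; rules elsewhere in the chain, or traffic handled by a different chain, are outside it.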