Re: Network stack setup

To: debian-user@lists.debian.org
Subject: Re: Network stack setup
From: Joe <joe@jretrading.com>
Date: Wed, 15 Mar 2023 12:35:31 +0000
Message-id: <[🔎] 20230315123531.6f1e7acd@jrenewsid.jretrading.com>
In-reply-to: <[🔎] 4785102.GXAFRqVoOG@probook455-g7>
References: <[🔎] 4785102.GXAFRqVoOG@probook455-g7>

On Tue, 14 Mar 2023 19:51:44 +0100
krystof@ibse.cz wrote:

> Hello everyone,
> I have a question about network stack configuration in Linux. Lets
> assume a Linux host with multiple network interfaces, a different ip
> address is set on each interface (for example eth0: 192.168.0.1/24
> and eth1: 192.168.1.1/24) and forwarding is disabled. When another
> host in the network 192.168.0.0/24 sets a default route to this host
> and ping to 192.168.1.1, it will get a reply. Is there any way to
> prevent this behavior - meaning the first host replies only to
> traffic with destination address set on input interface and not all
> addresses set on the host? Something like rp_filter but for
> destination addresses? Or is the only way to set up a firewall with
> input interfaces and destination addresses in every rule?
> 
That will depend on the firewall software you use. The underlying
iptables or nftables rules can be written to include source or
destination IP addresses or ranges, interface names, or a mix of all.

-- 
Joe

Reply to:

References:
- Network stack setup
  - From: krystof@ibse.cz

Prev by Date: Re: Network stack setup
Next by Date: Re: Network stack setup
Previous by thread: Re: Network stack setup
Next by thread: ImageMagick weird colors on composite with black
Index(es):
- Date
- Thread