Re: Network stack setup
On Tue, 14 Mar 2023 19:51:44 +0100
krystof@ibse.cz wrote:
> Hello everyone,
> I have a question about network stack configuration in Linux. Let's
> assume a Linux host with multiple network interfaces, a different IP
> address is set on each interface (for example eth0: 192.168.0.1/24
> and eth1: 192.168.1.1/24) and forwarding is disabled. When another
> host in the network 192.168.0.0/24 sets a default route to this host
> and pings 192.168.1.1, it will get a reply. Is there any way to
> prevent this behavior - meaning the first host replies only to
> traffic with destination address set on input interface and not all
> addresses set on the host? Something like rp_filter but for
> destination addresses? Or is the only way to set up a firewall with
> input interfaces and destination addresses in every rule?
>
That will depend on the firewall software you use. The underlying
iptables or nftables rules can be written to include source or
destination IP addresses or ranges, interface names, or a mix of all.
--
Joe
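
The kind of rule the reply describes, written for the two interfaces in the question (eth0 192.168.0.1/24, eth1 192.168.1.1/24). This is an added example, not part of the original thread; the table and chain names are assumptions, and it covers IPv4 only.

```nft
#!/usr/sbin/nft -f
# Added example: table name "strict_dst" and chain name "input" are assumptions.
table ip strict_dst {
    chain input {
        type filter hook input priority 0; policy accept;

        # Loopback traffic may legitimately target any local address.
        iifname "lo" accept

        # Generic form: drop packets whose destination is not an address
        # (unicast, broadcast or multicast) configured on the interface
        # they arrived on. No per-interface address list to maintain.
        fib daddr . iif type != { local, broadcast, multicast } counter drop

        # Explicit per-interface form of the same policy, for the
        # addresses in the question (use instead of the fib rule):
        # iifname "eth0" ip daddr 192.168.1.1 counter drop
        # iifname "eth1" ip daddr 192.168.0.1 counter drop
    }
}
```

With this loaded, a ping from 192.168.0.0/24 to 192.168.1.1 arriving on eth0 increments the counter and gets no reply, while a ping to 192.168.0.1 is still answered.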