On Wed, 22 Dec 1999, Mariusz Woloszyn wrote: > "Disabled by default"! I noticed Patrick Volkerding long time before > Slackware 7 (as soon as I found it in 4.0). > BTW: I got a replay (long time ago -- Fri, 16 Jul 1999) from Patrick saying: "You might want to report this to the kernel developers, since the comment is taken directly from /usr/src/linux/Documentation/Configure.help, and is still there in 2.2.10. Best regards, Pat" And the documentation still says wrong: " If you turn on IP forwarding, you will also get the rp_filter, which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. This has security advantages because it prevents the so-called IP spoofing, however it can pose problems if you use asymmetric routing (packets from you to a host take a different path than packets from that host to you) or if you operate a non-routing host which has several IP addresses on different interfaces. To turn rp_filter off use: echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter or echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter " Regards, P.S. Cc to Axel Boldt (boldtat_private) as he is mentioned as a maintainer of Configure.help -- Mariusz Wołoszyn Internet Security Specialist, Internet Partners, GTS Poland E-mail: emsiat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:39 PDT