On Tue, 21 Dec 1999, Dagmar d'Surreal wrote:

> IPV4 PACKET FORWARDING -- Should not be on by default

Above is true for Slackware 4.0 (...)

> RP_FILTER -- Probably incorrect assumption
> ------------------------------------------
> Just below the section that turns on IP forwarding is a section that
> theoretically turns on rp_filter, which is supposed to do source
> validation of incoming packets to prevent outside lusers from firing
> spoofed packets into your local network. This is supposed to go on by
> default once ip_forwarding is turned on, according to both the comments in
> the script and the kernel documentation. (Annoyingly enough, the
> interface for it in /proc still emits a 0 when ip_forwarding is turned on,
> which leads me to believe that something might be missing in the kernel,
> although I might be the only person that ever tries to read proc first to
> see what's on and what's off.) Better to be safe than sorry and change
> the logic to stuff a 1 in there if IPV4_FORWARD is true, and a zero in
> there if it's false.
>

It also applies to Slackware 4.0, but it isn't a kernel problem. Kernel documentation says:

# rp_filter
# Integer value deciding if source validation should be made.
# 1 means yes, 0 means no. Disabled by default, but
# local/broadcast address spoofing is always on.
#

"Disabled by default"! I noticed Patrick Volkerding a long time before Slackware 7 (as soon as I found it in 4.0).

Anyway, you're not the only person that ever tries to read proc first :)

Regards,

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: emsiat_private
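
Added example, not part of the original message or of the Slackware scripts: a shell check that reads /proc first, as both posters do, and flags the case where ip_forward is 1 but an rp_filter entry still reads 0. enforce_rp_filter applies the logic proposed in the quoted text. The function names and the proc_root argument are assumptions of this example (the argument lets it run against a constructed directory tree); values are compared literally per file.

```shell
#!/bin/sh
# Added example; function names and the proc_root argument are hypothetical.

# audit_rp_filter [proc_root]
# Prints one line per interface entry. Returns 1 if forwarding is on and any
# rp_filter file reads 0, 2 if ip_forward cannot be read, otherwise 0.
audit_rp_filter() {
    root="${1:-/proc}"
    ipv4="$root/sys/net/ipv4"
    fwd=$(cat "$ipv4/ip_forward" 2>/dev/null) || {
        echo "cannot read $ipv4/ip_forward" >&2
        return 2
    }
    bad=0
    for f in "$ipv4"/conf/*/rp_filter; do
        [ -r "$f" ] || continue          # also skips an unmatched glob
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        echo "$iface rp_filter=$val ip_forward=$fwd"
        if [ "$fwd" = "1" ] && [ "$val" = "0" ]; then
            bad=1                        # forwarding without source validation
        fi
    done
    return $bad
}

# enforce_rp_filter [proc_root]
# The logic suggested in the quoted text: write 1 into every rp_filter entry
# when forwarding is on, and 0 when it is off.
enforce_rp_filter() {
    root="${1:-/proc}"
    ipv4="$root/sys/net/ipv4"
    fwd=$(cat "$ipv4/ip_forward" 2>/dev/null) || return 2
    for f in "$ipv4"/conf/*/rp_filter; do
        [ -w "$f" ] || continue
        echo "$fwd" > "$f"
    done
}
```

Called with no argument, audit_rp_filter reads the live /proc; enforce_rp_filter needs root there.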