> I would check with Alan on the SYN cookies, iirc, there is a good reason why
> SYN cookies are not turned on by default. In 2.3.x it is not turned on by
> default in the kernel compile and again must be explicitly enabled in /proc
> after adding it to the kernel.

SYN cookies don't default to on purely because they are strictly not "the standard". I don't actually know of anything they upset. In fact it's normally standards compliant stuff that causes problems

SACK - with buggy VJ compressors
PAWS - with broken load balancers
MTU discovery - with assholes who block all ICMP out and in (some very big names in the business meet this criteria btw)

RST cookies were also in Linux 2.0, those did cause problems with some setups and were dropped

> I imagine the packet forwarding is on by default in the interest of least
> surprise from slackware. I.e. why you can't pass packets across the machine

Least surprise until you accidentally have a router you didn't expect. The RFC1122 rules are for a very good reason.

RP filter set to one should be fine, that will just ignore packets externally originated from your own interface addresses. Such packets are generally sent only by readers of this list and others like it.

Alan
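
An audit of the three settings discussed in this message (SYN cookies, packet forwarding, RP filter), as an added example that is not part of the original post. It assumes the `/proc/sys/net/ipv4` file names of current Linux kernels (the message only says `/proc`) and that the effective `rp_filter` is the larger of `conf/all` and the per-interface value, as on current kernels; `audit_net_sysctl` and `read_val` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original message). ROOT defaults to the live
# tree; pass another directory to run against a constructed copy.

read_val() {   # print a knob's value, or "missing" if the file is absent
    if [ -r "$1" ]; then tr -d ' \n' < "$1"; else printf 'missing'; fi
}

audit_net_sysctl() {
    root="${1:-/proc/sys/net/ipv4}"
    findings=0

    sc=$(read_val "$root/tcp_syncookies")
    case "$sc" in
        1|2) echo "ok   tcp_syncookies=$sc" ;;
        *)   echo "WARN tcp_syncookies=$sc (SYN cookies not enabled)"
             findings=$((findings + 1)) ;;
    esac

    fwd=$(read_val "$root/ip_forward")
    if [ "$fwd" = "0" ]; then
        echo "ok   ip_forward=0"
    else
        echo "WARN ip_forward=$fwd (this host routes; is that intended?)"
        findings=$((findings + 1))
    fi

    all=$(read_val "$root/conf/all/rp_filter")
    for f in "$root"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        ifname=$(basename "$(dirname "$f")")
        case "$ifname" in all|default) continue ;; esac
        eff=$(read_val "$f")
        # Assumption: current kernels apply max(conf/all, conf/<if>).
        if [ "$all" != "missing" ] && [ "$all" -gt "$eff" ]; then eff=$all; fi
        if [ "$eff" = "1" ]; then
            echo "ok   rp_filter[$ifname]=1"
        else
            echo "WARN rp_filter[$ifname]=$eff (strict filtering is 1)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}
```

Call `audit_net_sysctl` with no argument to check the running host; a non-zero exit status means at least one setting was flagged.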
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:54 PDT