On Tuesday 05 February 2002 11:44, Praise wrote:
Il 08:13, martedì 5 febbraio 2002, John Andersen ha scritto:
On Monday 04 February 2002 05:37 am, Robert Davies wrote:
It does not route to 127.0.0.1. It routes FROM 127.0.0.1, sometimes.
The kernel's rp_filter should detect this, it's turned on without me taking action on my SuSE system (perhaps by the firewall scripts though I haven't noticed them setting this). Previously with Red Hat 6, I had to enable it myself like this : # Enable Anti-Spoof protection - sets source route verification for f in all default eth0 lo do echo 1 > /proc/sys/net/ipv4/conf/$f/rp_filter done # Disable on internal interfaces, as we can have asymmetric routing for f in eth1 eth2 do echo 0 > /proc/sys/net/ipv4/conf/$f/rp_filter done Now I just checked it under SuSE dialup system using SuSE personal firewall I have : oak:/work/dist/firewall # for iface in /proc/sys/net/ipv4/conf/*/rp_filter
do echo "$iface `cat $iface`" done
/proc/sys/net/ipv4/conf/all/rp_filter 1 /proc/sys/net/ipv4/conf/default/rp_filter 1 /proc/sys/net/ipv4/conf/eth0/rp_filter 1 /proc/sys/net/ipv4/conf/eth1/rp_filter 1 /proc/sys/net/ipv4/conf/lo/rp_filter 1 /proc/sys/net/ipv4/conf/ppp0/rp_filter 1 Rob