On 2018-04-03 19:36, Michal Kubecek wrote:
On Tue, Apr 03, 2018 at 03:57:07PM +0200, Jan Engelhardt wrote:
Because packets go out one interface and come back the other, which then trips up rp_filter? (Gotta wonder if rp_filter is still a thing..)
Three years ago when the question (of rp_filter being enabled by default) was discussed in bugzilla (the bug is not public, unfortunately), I tried to write down reasons why I thing it should be disabled by default. No chance, the idea was shut down with "rp_filter is the most basic spoof protection and we have it turned on by default since forever". :-(
Ah, I see the issue. -- Cheers/Saludos Carlos E. R. (testing openSUSE Leap 15.0, at Minas-Anor) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org