Hi all ! I noticed a small (typo?) error in section "13.1. Reverse Path Filtering", which says: -- The following fragment will turn this on for all current and future interfaces. # for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do> echo 2 > $i > done-- According to /usr/src/linux/Documentation/networking/ip-sysctl.txt , there should be "echo 1 > $i", because the ip-sysctl.txt says: -- rp_filter - BOOLEAN 1 - do source validation by reversed path, as specified in RFC1812 Recommended option for single homed hosts and stub network routers. Could cause troubles for complicated (not loop free) networks running a slow unreliable protocol (sort of RIP), or using static routes. 0 - No source validation. Default value is 0. Note that some distributions enable it in startip scripts. -- Also, according to my personal experience, Reverse Path filtering doesn''t work with "echo 2 > $i". -- .----------------------------------------------------------------------------. | Pozdrav / Best Wishes, dsimic@urc.bl.ac.yu | LL The Choice of | | Dragan Simic RS.BA Hostmaster | LL GNU | | URC B.Luka / RSKoming.NET System/Network Admin | LLLL i n u x Generation | `----------------------------------------------------------------------------''
On Mon, Apr 29, 2002 at 08:32:51AM +0200, Dragan Simic wrote:> > Hi all ! > > I noticed a small (typo?) error in section "13.1. Reverse Path > Filtering", which says:Arent''t there kernels which support ''2'' as well? I would like to expand it then to cover what ''2'' is. Regards, bert -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
On Mon, Apr 29, 2002 at 08:51:39AM +0200, bert hubert wrote:> On Mon, Apr 29, 2002 at 08:32:51AM +0200, Dragan Simic wrote: > > > > Hi all ! > > > > I noticed a small (typo?) error in section "13.1. Reverse Path > > Filtering", which says: > > Arent''t there kernels which support ''2'' as well? I would like to expand it > then to cover what ''2'' is.Ok, there aren''t :-) I''ve changed it: http://lartc.org/HOWTO//cvs/2.4routing/html/c1182.html#AEN1188 And added you to the ''thanks to'' list. Regards, bert -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk http://lartc.org Linux Advanced Routing & Traffic Control HOWTO