[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Another Ipchains question

Subject: [ale] Another Ipchains question
From: kaboom at gatech.edu (Chris Ricker)
Date: Thu, 24 Jan 2002 11:07:01 -0700 (MST)

On Thu, 24 Jan 2002, Joe Steele wrote:

> There are a couple acceptable strategies OSes can implement for 
> handling incoming packets on a given interface.  One strategy is to 
> consider the packet as local if its destination address matches the 
> address of *any* interface on the host, not just the interface on 
> which it arrived.  The other strategy is to require local packets to 
> have a destination address which matches the specific interface on 
> which they arrive.  
> 
> My understanding has been that Linux implements the first strategy 
> (someone correct me if this has changed).

By default (since not doing so breaks routing), Linux considers any packet
with a local address local, regardless of incoming interface.  This is 
run-time configurable either globally or per interface, however.

See /proc/sys/net/ipv4/conf/*/rp_filter

0 means accept any local address.  1 means to reverse the path and make sure 
the destination interface matches the destination address.

later,
chris

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] Linux DVD
Next by Date: [ale] AOL sues Microsoft
Previous by thread: [ale] Another Ipchains question
Next by thread: [ale] Another Ipchains question
Index(es):
- Date
- Thread