[ale] Another Ipchains question
Chris Ricker
kaboom at gatech.edu
Thu Jan 24 13:07:01 EST 2002
On Thu, 24 Jan 2002, Joe Steele wrote:
> There are a couple acceptable strategies OSes can implement for
> handling incoming packets on a given interface. One strategy is to
> consider the packet as local if its destination address matches the
> address of *any* interface on the host, not just the interface on
> which it arrived. The other strategy is to require local packets to
> have a destination address which matches the specific interface on
> which they arrive.
>
> My understanding has been that Linux implements the first strategy
> (someone correct me if this has changed).

By default (since not doing so breaks routing), Linux considers any packet
with a local address local, regardless of incoming interface. This is
run-time configurable either globally or per interface, however.

See /proc/sys/net/ipv4/conf/*/rp_filter

0 means accept any local address. 1 means to reverse the path and make sure
the destination interface matches the destination address.

later,
chris
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
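
An added example, not part of the original message: a POSIX shell function that reads the rp_filter files under the path cited above and prints the effective setting for each interface. It assumes the value meanings given in current kernel documentation (0 off, 1 strict, 2 loose, with the kernel applying the higher of conf/all and the per-interface value); the function names rp_filter_report and rp_mode_name are made up for this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# The directory defaults to the path named in the post; pass another
# directory (for instance a constructed test tree) as the first argument.

# Map a numeric rp_filter value to its documented mode name.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

rp_filter_report() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    if [ ! -r "$conf_dir/all/rp_filter" ]; then
        echo "cannot read $conf_dir/all/rp_filter" >&2
        return 1
    fi
    all=$(cat "$conf_dir/all/rp_filter")
    case "$all" in 0|1|2) ;; *) echo "unexpected global value: $all" >&2; return 1 ;; esac

    for f in "$conf_dir"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" is the global knob and "default" is only the template
        # copied to interfaces created later; neither is a real interface.
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$f")
        case "$val" in
            0|1|2) ;;
            *) echo "$iface iface=$val all=$all effective=unknown"; continue ;;
        esac
        # The kernel uses max(conf/all, conf/<iface>) on each interface,
        # so a per-interface 0 does not switch the check off when the
        # global value is non-zero.
        if [ "$val" -gt "$all" ]; then eff=$val; else eff=$all; fi
        echo "$iface iface=$val all=$all effective=$(rp_mode_name "$eff")"
    done
}
```

Calling rp_filter_report with no argument reads the live settings on a Linux host.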