Re: rp_filter - Patrick Schaaf

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick Schaaf <bof@bof.de>
To: Netfilter Developers <netfilter-devel@lists.netfilter.org>
Subject: Re: rp_filter
Date: Sat, 28 Dec 2002 10:17:30 +0100	[thread overview]
Message-ID: <20021228091730.GC440@oknodo.bof.de> (raw)
In-Reply-To: <20021227211113.GK677@ns>

Stephen & all,

>   Can we *please* move the rp_filter cruft into the firewalling code
>   proper?

Upon thinking a bit more about your request, there is one thing
that annoys me about rp_filter, and where iptables may eventually
help: there was (and probably is) the idea of a DROP table, where
you can LOG packets coming from all kinds of drop sites within
the network stack. It would be great if I had a way to LOG packets
rejected by rp_filter. IMHO the big problem to the unwary end-user,
is the _invisibility_ of the drops caused by rp_filter.

A simple net_ratelimit()ed printk() in the appropriate place, would
already help a lot. If you walk your request over to linux-net, maybe
you could make that your fallback position :-)

best regards
  Patrick

next prev parent reply	other threads:[~2002-12-28  9:17 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-12-27 21:11 rp_filter Stephen Frost
2002-12-28  8:46 ` rp_filter Patrick Schaaf
2002-12-29 17:28   ` rp_filter Stephen Frost
2002-12-28  9:17 ` Patrick Schaaf [this message]
2003-01-08 12:38   ` rp_filter Roberto Nibali
  -- strict thread matches above, loose matches on Subject: below --
2018-07-13 15:23 rp_filter Leroy Tennison
2018-07-13 16:23 ` rp_filter Grant Taylor
2018-07-13 16:26 ` rp_filter Jay Vosburgh
2018-07-13 18:03 ` rp_filter Leroy Tennison
2018-09-04 10:11 ` rp_filter Anton Danilov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021228091730.GC440@oknodo.bof.de \
    --to=bof@bof.de \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.