Re: rp_filter - Stephen Frost

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Frost <sfrost@snowman.net>
To: Patrick Schaaf <bof@bof.de>
Cc: Netfilter Developers <netfilter-devel@lists.netfilter.org>
Subject: Re: rp_filter
Date: Sun, 29 Dec 2002 12:28:53 -0500	[thread overview]
Message-ID: <20021229172852.GM677@ns> (raw)
In-Reply-To: <20021228084614.GB440@oknodo.bof.de>

[-- Attachment #1: Type: text/plain, Size: 1348 bytes --]

* Patrick Schaaf (bof@bof.de) wrote:
> Stephen,
> 
> >   Can we *please* move the rp_filter cruft into the firewalling code
> >   proper?
> 
> If that's not a joke, please take your cruisade to the linux-net mailing
> list. It is not up to netfilter / iptables developers to even think
> about removal of base network stack features, in my opinion. Convince
> Dave Miller and Alexey Kusnetsov (speling probably wrong, sorry).
> 
> I'll refrain from speaking against the idea itself, here.

If we had the functionality in netfilter to do what rp_filter does now I
think it'd make for a much better case to get rid of it as it exists.
For that I think we'd need a match target that checked source IP and
incoming interface and compared it against the routing table.  Not
something I'd expect to be very difficult...

I'll see about bringing it up on the linux-net list if this seems like a
reasonable thing to add to netfilter.  I certainly agree about one of
the problems with rp_filter being that it's not noisy about things it
drops (by default at least, I think there may be an option to turn on
logging of it).  It would seem reasonable to me to have the parts of the
kernel that drop packets following some administrative rule be under the
firewalling framework instead of elsewhere throughout the kernel.

	Stephen

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

next prev parent reply	other threads:[~2002-12-29 17:28 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-12-27 21:11 rp_filter Stephen Frost
2002-12-28  8:46 ` rp_filter Patrick Schaaf
2002-12-29 17:28   ` Stephen Frost [this message]
2002-12-28  9:17 ` rp_filter Patrick Schaaf
2003-01-08 12:38   ` rp_filter Roberto Nibali
  -- strict thread matches above, loose matches on Subject: below --
2018-07-13 15:23 rp_filter Leroy Tennison
2018-07-13 16:23 ` rp_filter Grant Taylor
2018-07-13 16:26 ` rp_filter Jay Vosburgh
2018-07-13 18:03 ` rp_filter Leroy Tennison
2018-09-04 10:11 ` rp_filter Anton Danilov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021229172852.GM677@ns \
    --to=sfrost@snowman.net \
    --cc=bof@bof.de \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.