[LARTC] sysctl & rp_filter (fwd)

[LARTC] sysctl & rp_filter (fwd)

[Dragan Simic]

Hi all !

I noticed a small (typo?) error in section "13.1. Reverse Path
Filtering", which says:

-- 
The following fragment will turn this on for all current and future
interfaces.
# for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
>  echo 2 > $i
> done
-- 

According to /usr/src/linux/Documentation/networking/ip-sysctl.txt ,
there should be "echo 1 > $i", because the ip-sysctl.txt says:

-- 
rp_filter - BOOLEAN
        1 - do source validation by reversed path, as specified in RFC1812
            Recommended option for single homed hosts and stub network
            routers. Could cause troubles for complicated (not loop free)
            networks running a slow unreliable protocol (sort of RIP),
            or using static routes.
        0 - No source validation.
        Default value is 0. Note that some distributions enable it
        in startip scripts.
-- 

Also, according to my personal experience, Reverse Path filtering
doesn't work with "echo 2 > $i".


-- 

.----------------------------------------------------------------------------.
| Pozdrav / Best Wishes,     dsimic@urc.bl.ac.yu  | LL   The Choice of       |
| Dragan Simic                 RS.BA Hostmaster   | LL            GNU        |
| URC B.Luka / RSKoming.NET  System/Network Admin | LLLL i n u x  Generation |
`----------------------------------------------------------------------------'



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] sysctl & rp_filter (fwd)

[bert hubert]

On Mon, Apr 29, 2002 at 08:32:51AM +0200, Dragan Simic wrote:
> 
> Hi all !
> 
> I noticed a small (typo?) error in section "13.1. Reverse Path
> Filtering", which says:

Arent't there kernels which support '2' as well? I would like to expand it
then to cover what '2' is.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] sysctl & rp_filter (fwd)

[bert hubert]

On Mon, Apr 29, 2002 at 08:51:39AM +0200, bert hubert wrote:
> On Mon, Apr 29, 2002 at 08:32:51AM +0200, Dragan Simic wrote:
> > 
> > Hi all !
> > 
> > I noticed a small (typo?) error in section "13.1. Reverse Path
> > Filtering", which says:
> 
> Arent't there kernels which support '2' as well? I would like to expand it
> then to cover what '2' is.

Ok, there aren't :-)

I've changed it:

http://lartc.org/HOWTO//cvs/2.4routing/html/c1182.html#AEN1188

And added you to the 'thanks to' list.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/