Re: /proc/sys/net/ipv4/config/eth0/arp_filter not working?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "David S. Miller" <davem@redhat.com>
To: Felix von Leitner <felix-kernel@fefe.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: /proc/sys/net/ipv4/config/eth0/arp_filter not working?
Date: Tue, 9 Dec 2003 11:39:33 -0800	[thread overview]
Message-ID: <20031209113933.32e28db0.davem@redhat.com> (raw)
In-Reply-To: <20031209145847.GA10652@codeblau.de>

On Tue, 9 Dec 2003 15:58:47 +0100
Felix von Leitner <felix-kernel@fefe.de> wrote:

> According to the documentation I found, the kernel (2.6.0-test11) should
> not answer ARP requests for the lo alias if I write 1 to
> /proc/sys/net/ipv4/config/eth0/arp_filter, and to be on the safe side, I
> also wrote 1 to /proc/sys/net/ipv4/config/lo/arp_filter.  However, the
> kernel still answers the ARP requests.

Read the documentation again more clearly:

====================
arp_filter - BOOLEAN
        1 - Allows you to have multiple network interfaces on the same
        subnet, and have the ARPs for each interface be answered
        based on whether or not the kernel would route a packet from
        the ARP'd IP out that interface (therefore you must use source
        based routing for this to work). In other words it allows control
        of which cards (usually 1) will respond to an arp request.
====================

This is telling you that you need to set up your routes correctly
in order for the ARP packets to be filtered the way you want.

The decision to block ARP packets is not just based upon this sysctl
value, it is instead made if this sysctl value is set _AND_ the routes
indicate that we would not use this device for a route to reach that
destination which is trying to be resolved by the ARP request.

     prev parent reply	other threads:[~2003-12-09 20:19 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-09 14:58 /proc/sys/net/ipv4/config/eth0/arp_filter not working? Felix von Leitner
2003-12-09 19:15 ` Jose Luis Domingo Lopez
2003-12-09 19:39 ` David S. Miller [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20031209113933.32e28db0.davem@redhat.com \
    --to=davem@redhat.com \
    --cc=felix-kernel@fefe.de \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox