Linux Netfilter discussions
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: not [!] rule is not working
Date: Thu, 16 Aug 2007 10:27:32 -0500
Message-ID: <46C46CE4.70308@riverviewtech.net>
In-Reply-To: <46C4683B.3090702@plouf.fr.eu.org>

On 08/16/07 10:07, Pascal Hambourg wrote:
> The default behaviour is to reply on any interface for any local
> address. It can be changed on a per-interface basis with the kernel
> parameter /proc/sys/net/ipv4/conf/<interface>/arp_ignore. Definitions
> and values are in Documentation/networking/ip-sysctl.txt :

Ok, so this can be set up, it is just something that has to be turned on
via /proc.

> arp_ignore - INTEGER
>     Define different modes for sending replies in response to
>     received ARP requests that resolve local target IP addresses:
>     0 - (default): reply for any local target IP address, configured
>     on any interface
>     1 - reply only if the target IP address is local address
>     configured on the incoming interface
>     2 - reply only if the target IP address is local address
>     configured on the incoming interface and both with the
>     sender's IP address are part from same subnet on this interface
>     3 - do not reply for local addresses configured with scope host,
>     only resolutions for global and link addresses are replied
>     4-7 - reserved
>     8 - do not reply for all local addresses
> 
>     The max value from conf/{all,interface}/arp_ignore is used
>     when ARP request is received on the {interface}

If I understand the OP and what you have provided here correctly I
believe the OP would simply want to issue the following commands:

echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth1/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_ignore

This should configure the interfaces to only respond to ARP requests for
their own IP address(es) (not other interfaces' IP address(es)), correct?

Thus the kernel would take care of what the OP is wanting to do and
there would be no need for ARP / IPTables, correct?

So I can correctly update my references, where did you copy and paste
that documentation from?



Grant. . . .
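The arp_ignore semantics quoted in this thread (modes 0, 1, 2, 3 and 8, plus the "max of conf/all and conf/<interface>" rule), modelled as an added Python example that is not part of the original thread or of the kernel; the interface addresses and sysctl values below are constructed, and the decision function is a reading of the quoted documentation, not kernel code.

```python
from ipaddress import ip_address, ip_interface

# Constructed host: interface -> [(address/prefix, scope)], as `ip addr` would list them.
HOST = {
    "eth0": [("192.0.2.10/24", "global")],
    "eth1": [("198.51.100.10/24", "global")],
    "lo": [("127.0.0.1/8", "host")],
}
# Constructed sysctl values for conf/all and conf/<iface>; the kernel applies the max.
SYSCTL = {"all": 0, "eth0": 1, "eth1": 2}

def effective_mode(iface, sysctl=SYSCTL):
    """arp_ignore in force on iface: max(conf/all, conf/<iface>), as the quoted doc says."""
    return max(sysctl.get("all", 0), sysctl.get(iface, 0))

def should_reply(iface, target, sender, host=HOST, sysctl=SYSCTL):
    """True if the kernel would answer an ARP request for `target` sent by
    `sender` and received on `iface`, following the quoted arp_ignore table."""
    mode = effective_mode(iface, sysctl)
    target, sender = ip_address(target), ip_address(sender)
    # (owning interface, address/prefix, scope) for every local address equal to the target
    owned = [(name, ip_interface(a), scope)
             for name, addrs in host.items() for a, scope in addrs
             if ip_interface(a).ip == target]
    if not owned:
        return False  # not a local address at all: never answered
    if mode == 0:
        return True  # default: any local address, whatever interface it lives on
    if mode in (1, 2):
        on_iface = [a for name, a, _ in owned if name == iface]
        if not on_iface:
            return False  # address belongs to another interface (the OP's case)
        if mode == 1:
            return True
        # mode 2: the sender must also be in that address's subnet on this interface
        return any(sender in a.network for a in on_iface)
    if mode == 3:
        return any(scope != "host" for _, _, scope in owned)
    if mode == 8:
        return False
    raise ValueError(f"arp_ignore={mode} is reserved")

if __name__ == "__main__":
    # eth1 (mode 2) is asked for eth0's address; with the defaults it would answer.
    print(should_reply("eth1", "192.0.2.10", "198.51.100.1"))  # False
    print(should_reply("eth1", "192.0.2.10", "198.51.100.1", sysctl={"all": 0}))  # True
```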


Thread overview: 13+ messages
2007-08-14  6:45 not [!] rule is not working pankaj jain
2007-08-14 10:48 ` Gáspár Lajos
2007-08-14 12:28   ` pankaj jain
2007-08-14 14:24     ` Grant Taylor
2007-08-14 14:27 ` Grant Taylor
2007-08-14 14:36 ` Grant Taylor
2007-08-16  5:56   ` pankaj jain
2007-08-16 14:39     ` Grant Taylor
2007-08-16 15:07       ` Pascal Hambourg
2007-08-16 15:27         ` Grant Taylor [this message]
2007-08-16 21:47           ` Franck Joncourt
2007-08-17  8:09           ` pankaj jain
2007-08-17 13:54             ` Grant Taylor
