Hi all !
I noticed a small (typo?) error in section "13.1. Reverse Path
Filtering", which says:
--
The following fragment will turn this on for all current and future
interfaces.
# for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
> echo 2 > $i
> done
--
According to /usr/src/linux/Documentation/networking/ip-sysctl.txt ,
there should be "echo 1 > $i", because the ip-sysctl.txt says:
--
rp_filter - BOOLEAN
1 - do source validation by reversed path, as specified in RFC1812
Recommended option for single homed hosts and stub network
routers. Could cause troubles for complicated (not loop free)
networks running a slow unreliable protocol (sort of RIP),
or using static routes.
0 - No source validation.
Default value is 0. Note that some distributions enable it
in startip scripts.
--
Also, according to my personal experience, Reverse Path filtering
doesn't work with "echo 2 > $i".
--
.----------------------------------------------------------------------------.
| Pozdrav / Best Wishes, dsimic@urc.bl.ac.yu | LL The Choice of |
| Dragan Simic RS.BA Hostmaster | LL GNU |
| URC B.Luka / RSKoming.NET System/Network Admin | LLLL i n u x Generation |
`----------------------------------------------------------------------------'
