> The rp_filter is also explained here:
> http://lartc.org/HOWTO//cvs/2.4routing/html/c1182.html#AEN1188

The above says:

  for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
    echo 1 > $i
  done

First question:

  ls /proc/sys/net/ipv4/conf/*/rp_filter
  =>
  /proc/sys/net/ipv4/conf/all/rp_filter
  /proc/sys/net/ipv4/conf/default/rp_filter
  /proc/sys/net/ipv4/conf/eth0/rp_filter
  /proc/sys/net/ipv4/conf/eth1/rp_filter
  /proc/sys/net/ipv4/conf/eth2/rp_filter
  /proc/sys/net/ipv4/conf/lo/rp_filter

What do all and default do? Could the loop above be replaced by
just one?

Second question:

How does the runtime cost of rp_filter compare with that of rules like

  iptables -A FORWARD -i eth1 -s ! 10.0.0.0/8 -j DROP

I assume in one case you have to do a route lookup, in the other you
have to iterate over the appropriate rules. What are these costs?
Ideally the answers should be in terms of variables we know, such as
the number of rules, the number of rules per interface, the number of
routes, etc.