Re: Realms...

Linux Advanced Routing and Traffic Control

On 02/14/2018 10:52 AM, Grant Taylor wrote:
root@router# ip rule show
10:     from all lookup local local
20:     from all lookup main main
30:     from all lookup reject reject
40:     from all lookup bogons bogons
50:     from all lookup spamhaus-drop spamhaus-drop
60:     from all lookup spamhaus-edrop spamhaus-edrop
70:     from all lookup dshield dshield
80:     from all lookup default default

My routing tables are configured as such:

local = directly attached
main = routes for and to my LANs (no default)
reject = unreachable routes for things black listed (null route)
bogons = unreachable routes for bogons
spamhaus* / dshield = prohibit routes for black lists
default = default gateway of last resort

This allows me to leverage iproute2's ability to cascade through multiple routing tables to find a matching route. I can easily have a route to 10.10.10.0/24 in my main routing table and use it to communicate with 10.10.10.10 despite the unreachable route to 10.0.0.0/8 in my bogon routing table.

Similarly, 8.8.8.8 will not match anything in the first seven routing tables and finally match the default gateway of last resort in the default routing table.

I can also leverage reverse path filtering using this data.  }:-)



--
Grant. . . .
unix || die
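
The cascade described in the message above, modelled as an added example (not part of the original post, and not iproute2 code). Rule priorities, table names, 10.10.10.0/24 and 10.0.0.0/8 come from the post; every other prefix is a constructed placeholder from the documentation ranges.

```python
import ipaddress

# Rule priorities and table names are from the post; all prefixes except
# 10.10.10.0/24 and 10.0.0.0/8 are constructed (documentation ranges).
RULES = [(10, "local"), (20, "main"), (30, "reject"), (40, "bogons"),
         (50, "spamhaus-drop"), (60, "spamhaus-edrop"), (70, "dshield"),
         (80, "default")]

TABLES = {
    "local": [("192.0.2.1/32", "local")],
    "main": [("10.10.10.0/24", "unicast")],
    "reject": [("198.51.100.7/32", "unreachable")],
    "bogons": [("10.0.0.0/8", "unreachable")],
    "spamhaus-drop": [("203.0.113.0/24", "prohibit")],
    "spamhaus-edrop": [],
    "dshield": [],
    "default": [("0.0.0.0/0", "unicast")],
}

def lookup(dst, rules=RULES, tables=TABLES):
    """Return (priority, table, prefix, route_type) for the first table that matches."""
    addr = ipaddress.ip_address(dst)
    for prio, table in sorted(rules):
        hits = [(ipaddress.ip_network(p), t) for p, t in tables[table]]
        hits = [(net, t) for net, t in hits if addr in net]
        if hits:
            # Longest-prefix match is decided inside one table only. A hit of
            # any type (unicast, unreachable, prohibit) ends the walk, so the
            # order of the rules decides which table wins, not prefix length.
            net, rtype = max(hits, key=lambda h: h[0].prefixlen)
            return prio, table, str(net), rtype
    return None  # no table had a route: destination is unroutable

def reachable(dst, rules=RULES, tables=TABLES):
    hit = lookup(dst, rules, tables)
    return hit is not None and hit[3] in ("unicast", "local")

if __name__ == "__main__":
    for dst in ("10.10.10.10", "10.1.2.3", "203.0.113.9", "8.8.8.8"):
        print(dst, lookup(dst), "reachable" if reachable(dst) else "blocked")
    # Same tables, but bogons consulted before main: the /8 null route now
    # shadows the more specific LAN route.
    print(lookup("10.10.10.10", rules=[(15, "bogons"), (20, "main")]))
```

The model leaves out routes of type throw, which make the kernel give up on the current table and continue with the next rule.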
