Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxxx> wrote: >On 07/13/2018 09:23 AM, Leroy Tennison wrote: >> Is there a definitive way to tell that rp_filter is dropping traffic (in >> this case echo request) other than disabling it and seeing the expected >> traffic (echo reply)? I tried an iptables packet trace but I either did >> it wrong or it showed nothing. The only indications I have right now >> are: > >Check dmesg. That's the most reliable place I've seen for logs about (so >called) "martian" packets. I believe they're also counted in the "in_martian_src" column of /proc/net/stat/rt_cache. -J >> No firewall rules blocking traffic but no replies either. > >It seems like reverse path filtering operates at a lower layer before >IPTables. > >> The problem is subnet-specific (only occurs on a directly-connected >> subnet). > >Odd. > > > >-- >Grant. . . . >unix || die --- -Jay Vosburgh, jay.vosburgh@xxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
