On 10/21/2018 04:24 PM, dryden@xxxxxxxxxxxxx wrote:
... And as usual, while researching this, I found settings that might be even more relevant to your situation: ...linux/Documentation/networking/ip-sysctl.txt:
There's LOTS of good information in that file.
- arp_announce - arp_ignore
I am fond of arp_filter (1) and rp_filter (1). It makes a host behave more like a strong end system (RFC 1122).
which may be more useful for keeping each host's neighbor table "clean" of foreign addresses, and is probably safer than disabling ICMP redirects.
Agreed.
Cheers, and apologies for replying to my reply.
Apology returned to sender as it was unnecessary. ;-) -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
