On Wed, Feb 07, 2001 at 04:33:50PM +0200, Theodor Milkov wrote: > ---> cut <--- > rp_filter - INTEGER > 2 - do source validation by reversed path, as specified in RFC1812 > Recommended option for single homed hosts and stub network > routers. Could cause troubles for complicated (not loop free) > networks running a slow unreliable protocol (sort of RIP), > or using static routes. > > 1 - (DEFAULT) Weaker form of RP filtering: drop all the packets > that look as sourced at a directly connected interface, but > were input from another interface. > > 0 - No source validation. > > NOTE: do not disable this option! All BSD derived routing software > (sort of gated, routed etc. etc.) is confused by such packets, > even if they are valid. When enabled it also prevents ip spoofing > in some limited fashion. > > NOTE: this option is turned on per default only when ip_forwarding > is on. For non-forwarding hosts it doesn't make much sense and > makes some legal multihoming configurations impossible. > ---> cut <--- > > Since I'm not a native english speaker, may be I'm interpreting it in wrong > way. Please correct me if it's not like that. The documentation is out of date, the '2' never reached an released kernel. Everything != 0 is equal to 1. -Andi - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
