On Fri, 4 Jul 2008, Jozsef Kadlecsik wrote: > If there's dynamic routing (say OSPF), then sometimes it's not so easy at > all to write (static) iptables rules for egress/ingress filtering. That is > also a case where the route match can be important (besides the > possibility to log nasty packets when the routing is trivial). I have to correct myself: when rp_filter produces false results then the route match does also at egress/ingress filtering. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
