Daniel Chemko wrote:
>
> > Is it possible to DROP all those IP's in one rule? ( I don't
> > need to log them since they are invalid anyway )
>
> Ideally this is done for you with /proc/sys/net/ipv4/conf/*/rp_filter == 1 or 2.

Do note that the rp_filter code will check only for zero (0) or non-zero.
It changed sometime in the kernel 2.2 tree. Up until that point we could
use 1, 2, or 3 to achieve ingress, egress or both. Nowadays it'll do ingress
and egress when using any non-zero value.

--
Kind regards / venlig hilsen,
Mogens Valentin, Mr Dev IT
Networking, Security, Server Setup
www.danbbs.dk/~monz  mrdev@xxxxxxxxx
Phone +45 32 525 878  Cell 51 227 668
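
Added example, not part of the original message or of any project's code: a POSIX shell check that reads every interface's rp_filter setting and flags interfaces on which no reverse-path check is active. It assumes a current kernel, where the value applied to an interface is the larger of conf/all/rp_filter and conf/<iface>/rp_filter; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# rp_filter_audit [CONF_DIR]
# Prints "<iface> <effective> ok|UNFILTERED" for each interface.
# Returns 1 if any interface has an effective value of 0.
# Assumption: effective value = max(conf/all, conf/<iface>).
rp_filter_audit() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    all=0
    if [ -r "$conf_dir/all/rp_filter" ]; then
        all=$(cat "$conf_dir/all/rp_filter")
    fi
    case $all in ''|*[!0-9]*) all=0 ;; esac
    for f in "$conf_dir"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=${f%/rp_filter}
        iface=${iface##*/}
        # "all" is folded into every interface; "default" only seeds new ones.
        case $iface in all|default) continue ;; esac
        val=$(cat "$f")
        case $val in ''|*[!0-9]*) continue ;; esac
        eff=$val
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        if [ "$eff" -eq 0 ]; then
            echo "$iface $eff UNFILTERED"
            rc=1
        else
            echo "$iface $eff ok"
        fi
    done
    return "$rc"
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf.
make_sample_conf() {
    d=$(mktemp -d)
    for i in all default eth0 eth1 lo; do mkdir -p "$d/$i"; done
    echo 0 > "$d/all/rp_filter"
    echo 1 > "$d/default/rp_filter"
    echo 1 > "$d/eth0/rp_filter"
    echo 0 > "$d/eth1/rp_filter"
    echo 0 > "$d/lo/rp_filter"
    echo "$d"
}

# Demo on the constructed tree: eth1 and lo are reported as UNFILTERED.
sample=$(make_sample_conf)
rp_filter_audit "$sample" || echo "at least one interface has rp_filter off"
rm -rf "$sample"
```

On a live host, call `rp_filter_audit` with no argument to read /proc/sys/net/ipv4/conf directly.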