Jonathan Tripathy a écrit : > > What is the best way to stop a linux host from becoming a router? Disable global IP forwarding. If not possible because you need to enable forwarding on some interfaces, disable interface-specific forwarding. Otherwise, use iptables rules in the FORWARD chain (beware undesirable interactions with bridged IP traffic through bridge-nf if enabled vith sysctl net.bridge.bridge-nf-call-iptables=1). > I don't think disabling ip forwarding is possible in my case (As I'm > doing a lot of forwarding in my bridges) Forwarding of ethernet frames within a bridge is completely independent of IP forwarding. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
