On Wed, Apr 17, 2019 at 08:49:58AM +0100, John Haxby wrote: > > > > On 16 Apr 2019, at 21:27, Stephen Suryaputra <ssuryaextr@xxxxxxxxx> wrote: > > > > I wonder if nft supports filtering loose and strict source route ipv4 > > options? From what I read, iptables need some add-ons to do it. Apology > > if this is ain FAQ. > > Isn't this handled by the net.ipv4.*.rp_filter sysctl? I don't think so. rp_filter is for validating whether the source address is reachable to prevent spoofing. I'm asking about source routing in the IPv4 header options where the sender can specify what hops should be traversed. Thanks.
