On 2/23/20 4:58 PM, Trent W. Buck wrote:
CentOS runs systemd, so rp_filter=1 (or =2 since v240) should be on by default:
"CentOS Linux release 8.1.1911 (Core)" has this line:>
net.ipv4.conf.all.rp_filter = 1
rp_filter is indeed '1'
log_martians is '0'
Since I want rp_filter=1 instead of 2 (I'm not multi-homed) I'll do the
override according to the documentation; specifically, I'll add my
overrides to /etc/sysctl.d/99-sysctl.conf -- then I'll check to see that
the two kernel knobs are set correctly for all interfaces.
And, yes, I meant BCP-38.
As for other packages with version numbers of 0.x, I'm not all that
concerned in a firewall router for anything except the firewall facility
itself. This router will have, as its sole job, filtering incoming and
outgoing packets to my upstream.
Thank you for your comments.
