Re: NAT and netfilter (appology, thanks, and correction)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Henning P. Schmiedehausen: "Re: [WAYYYY OFFTOPIC] Re: WISHING MILLENNIUM GREETING !"
• Previous message: Trever Adams: "NAT and netfilter (appology, thanks, and correction)"
• Maybe in reply to: Trever Adams: "NAT and netfilter (appology, thanks, and correction)"
• Next in thread: Thomas Molina: "Re: NAT and netfilter (appology, thanks, and correction)"
• Reply: Thomas Molina: "Re: NAT and netfilter (appology, thanks, and correction)"

My worry is since my box will now forward to the private network,
how do I keep people from doing source routing and routing packets
onto my machine...

The kernel drops source routed frames based upon sysctl settings
under "/proc/sys/net/ipv4/conf/{all,default,...}/accept_source_route

Set it to "0" for interfaces you'd like source routes to be rejected
upon, or just set it under ipv4/conf/all/ to reject them everywhere
(this is the default).

Later,
David S. Miller
davem@redhat.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Henning P. Schmiedehausen: "Re: [WAYYYY OFFTOPIC] Re: WISHING MILLENNIUM GREETING !"
• Previous message: Trever Adams: "NAT and netfilter (appology, thanks, and correction)"
• Maybe in reply to: Trever Adams: "NAT and netfilter (appology, thanks, and correction)"
• Next in thread: Thomas Molina: "Re: NAT and netfilter (appology, thanks, and correction)"
• Reply: Thomas Molina: "Re: NAT and netfilter (appology, thanks, and correction)"