On Tue, 21 Dec 1999, Dagmar d'Surreal wrote:

> IPV4 PACKET FORWARDING -- Should not be on by default

The above is true for Slackware 4.0.

(...)


> RP_FILTER -- Probably incorrect assumption
> ------------------------------------------
> Just below the section that turns on IP forwarding is a section that
> theoretically turns on rp_filter, which is supposed to do source
> validation of incoming packets to prevent outside lusers from firing
> spoofed packets into your local network.  This is supposed to go on by
> default once ip_forwarding is turned on, according to both the comments in
> the script and the kernel documentation.  (Annoyingly enough, the
> interface for it in /proc still emits a 0 when ip_forwarding is turned on,
> which leads me to believe that something might be missing in the kernel,
> although I might be the only person that ever tries to read proc first to
> see what's on and what's off.)  Better to be safe than sorry and change
> the logic to stuff a 1 in there if IPV4_FORWARD is true, and a zero in
> there if it's false.
> 
It also applies to Slackware 4.0, but it isn't a kernel problem. Kernel
documentation says:

# rp_filter
#    Integer value deciding if source validation should be made.
#    1 means yes, 0 means no. Disabled by default, but
#    local/broadcast address spoofing is always on.
# 

"Disabled by default"! I noticed Patrick Volkerding a long time before
Slackware 7 (as soon as I found it in 4.0).

Anyway you're not the only person that ever tries to read proc first :)

Regards,

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: [EMAIL PROTECTED]
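
An added example, not part of the original message or of Slackware's rc scripts: a shell function that reads /proc first and flags every interface where ip_forward is 1 while rp_filter is still 0, the combination discussed above. The function name, its arguments and the overridable tree root are assumptions made so that it can also be run against a constructed directory.

```shell
#!/bin/sh
# Added example: check the live rp_filter values instead of trusting the
# boot script's comments, since the kernel leaves rp_filter disabled by
# default even when forwarding is switched on.
#
# audit_rp_filter [ROOT] [fix]
#   ROOT  ipv4 sysctl tree, default /proc/sys/net/ipv4; overridable
#         (assumption) so the check can run on a constructed tree
#   fix   also write 1 into each flagged rp_filter (root needed on /proc)
# Returns 0 if nothing was flagged in this run, 1 if something was,
# 2 if ip_forward could not be read.
audit_rp_filter() {
    arf_root=${1:-/proc/sys/net/ipv4}
    arf_mode=${2:-report}
    arf_bad=0

    arf_fwd=$(cat "$arf_root/ip_forward" 2>/dev/null) || return 2

    # A host that does not forward is outside the case discussed here.
    if [ "$arf_fwd" != 1 ]; then
        return 0
    fi

    for arf_file in "$arf_root"/conf/*/rp_filter; do
        [ -f "$arf_file" ] || continue
        arf_cur=$(cat "$arf_file")
        arf_if=${arf_file%/rp_filter}   # strip the file name ...
        arf_if=${arf_if##*/}            # ... keep the interface directory
        if [ "$arf_cur" = 0 ]; then
            echo "$arf_if: ip_forward=1 but rp_filter=0 (no source validation)"
            arf_bad=$((arf_bad + 1))
            if [ "$arf_mode" = fix ]; then
                echo 1 > "$arf_file"
            fi
        fi
    done

    if [ "$arf_bad" -gt 0 ]; then
        return 1
    fi
    return 0
}

# Usage: audit_rp_filter            report against the live /proc
#        audit_rp_filter "" fix     report and enable rp_filter where flagged
```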
