Your message dated Wed, 10 Sep 2008 19:57:20 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#498467: oops - retract bug report
has caused the Debian Bug report #498467,
regarding sysctl.conf:  net.ipv4.conf.default.rp_filter  - either value or 
comment incorrect?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
498467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498467
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---

Package: procps
Version: 1:3.2.7-8
Tags: patch


There is a long-standing bug in the kernel documentation, which is still 
present in 2.6.
The sysctl.conf file shipped with Lenny (and with Etch for that matter) 
duplicates the bug.


To protect a system against routing errors, rp_filter should be 1.
To protect a system against IP spoofing attacks, it should be 2.


A more complete explanation can be found at:

http://lists.netfilter.org/pipermail/netfilter/2000-September/005400.html


The following patch fixes the problem with sysctl.conf:

--- sysctl.conf 2008-04-08 08:50:18.000000000 +1000
+++ sysctl.conf.NEW     2008-09-11 13:55:46.000000000 +1000
@@ -15,8 +15,8 @@
 # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
 # Turn on Source Address Verification in all interfaces to
 # prevent some spoofing attacks
-#net.ipv4.conf.default.rp_filter=1
-#net.ipv4.conf.all.rp_filter=1
+#net.ipv4.conf.default.rp_filter=2
+#net.ipv4.conf.all.rp_filter=2

 # Uncomment the next line to enable TCP/IP SYN cookies
 #net.ipv4.tcp_syncookies=1
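
Review bot: The two `+` lines set `rp_filter=2`, but the comment block above them is left unchanged and never says what the values 1 and 2 mean or which kernel versions that meaning holds for, so an administrator who uncomments these lines cannot tell which filtering behaviour they will get. Either extend the comment to document each value and the kernel it was verified against, or leave the value as it was. The report says the problem is present in 2.6, yet the follow-up in this thread states that the testing was done on a 2.2 kernel, so the new value should be confirmed on the kernel actually shipped with the release before this is applied.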


bfn,

John

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



--- End Message ---
--- Begin Message ---
On Wed, Sep 10, 2008 at 06:24:03PM +1000, [EMAIL PROTECTED] wrote:
> Close this bug.  I thought I was testing on a 2.6 kernel, I was on a 2.2 
> kernel!
> (it is true - virtual machines lead to server sprawl).
No worries, thanks for letting me know.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 


--- End Message ---
