Your message dated Wed, 10 Sep 2008 19:57:20 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#498467: oops - retract bug report
has caused the Debian Bug report #498467,
regarding sysctl.conf: net.ipv4.conf.default.rp_filter - either value or
comment incorrect?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
498467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498467
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: procps
Version: 1:3.2.7-8
Tags: patch
There is a long-standing bug in the kernel documentation, which is still
present in 2.6.
The sysctl.conf file shipped with Lenny (and with Etch for that matter)
duplicates the bug.
To protect a system against routing errors, rp_filter should be 1.
To protect a system against IP spoofing attacks, it should be 2.
A more complete explanation can be found at:
http://lists.netfilter.org/pipermail/netfilter/2000-September/005400.html
The following patch fixes the problem with sysctl.conf:
--- sysctl.conf 2008-04-08 08:50:18.000000000 +1000
+++ sysctl.conf.NEW 2008-09-11 13:55:46.000000000 +1000
@@ -15,8 +15,8 @@
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
-#net.ipv4.conf.default.rp_filter=1
-#net.ipv4.conf.all.rp_filter=1
+#net.ipv4.conf.default.rp_filter=2
+#net.ipv4.conf.all.rp_filter=2
# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1
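Review bot: the three comment lines above the changed settings are left untouched, so the file would carry rp_filter=2 under a comment that says only "enable Spoof protection (reverse-path filter)" and never states what 1 and 2 each mean. The report's argument is that 1 and 2 protect against different things, so the comment should spell out both values for anyone uncommenting these lines. It should also name the kernel version the meaning was verified on, since the report says the behaviour is tied to the kernel documentation and the follow-up in this thread says the test was run on a 2.2 kernel rather than 2.6.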
bfn,
John
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
--- End Message ---
--- Begin Message ---
On Wed, Sep 10, 2008 at 06:24:03PM +1000, [EMAIL PROTECTED] wrote:
> Close this bug. I thought I was testing on a 2.6 kernel, I was on a 2.2
> kernel!
> (it is true - virtual machines lead to server sprawl).
No worries, thanks for letting me know.
- Craig
--
Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/ csmall at : enc.com.au
http://www.debian.org/ Debian GNU/Linux, software should be Free
--- End Message ---