Tibbs, Richard wrote:
> OK, so I take it there are no shorewall rules that are associated with route filtering. Is route filtering then an operation performed by the kernel, as per RFC 1812? Deciding what routes to trust from what sources?
>
> Also, how is this related to IPSEC? I am curious because we have had no success with IPsec between some machines on campus. A "no route found" message was found in a log file -- with spoofprotect=NO and no routefilter option --.
> (see previous post of Erichs about no route found).
>
> As the script below seems to indicate, the first thing done is to set all .../ethx/rp_filters to 0. Then set the interfaces with route_filter options to 1.
> But, as Tom's message below indicates, we need to set .../all/rp_filter to 1. The script does not do this. (Why? Done somewhere else?)
>

Shorewall versions prior to 1.4.8 were broken in this regard.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
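The failure mode discussed in this thread (per-interface rp_filter set to 1 while all/rp_filter stays 0) can be checked with a short audit script. This is an added example, not part of the original messages and not Shorewall code; the function names and the sample tree are constructed for illustration. The "and" rule is the one stated in the thread, and the "max" rule is the one given in current kernel documentation.

```shell
#!/bin/sh
# Added example (not Shorewall code): audit rp_filter values under a conf tree.
# On a live system CONF would be /proc/sys/net/ipv4/conf.

# effective_rp_filter CONF IFACE MODE -> prints the value that applies to IFACE
#   and: the rule from the thread (all AND interface must both be non-zero)
#   max: the rule in current kernel documentation (larger of all and interface)
effective_rp_filter() {
    ef_all=$(cat "$1/all/rp_filter") || return 2
    ef_dev=$(cat "$1/$2/rp_filter") || return 2
    case $3 in
        and) if [ "$ef_all" -ne 0 ] && [ "$ef_dev" -ne 0 ]; then echo 1; else echo 0; fi ;;
        max) if [ "$ef_all" -gt "$ef_dev" ]; then echo "$ef_all"; else echo "$ef_dev"; fi ;;
        *)   return 2 ;;
    esac
}

# silently_disabled CONF -> prints interfaces whose own flag is set but which
# get no filtering under the "and" rule because all/rp_filter is 0.
silently_disabled() {
    for sd_dir in "$1"/*/; do
        sd_if=$(basename "$sd_dir")
        case $sd_if in all|default) continue ;; esac
        [ -r "$sd_dir/rp_filter" ] || continue
        if [ "$(cat "$sd_dir/rp_filter")" -ne 0 ] &&
           [ "$(effective_rp_filter "$1" "$sd_if" and)" -eq 0 ]; then
            echo "$sd_if"
        fi
    done
}

# make_sample_conf DIR ALL ETH0 ETH1 -> constructed tree standing in for /proc
make_sample_conf() {
    for ms_if in all default eth0 eth1; do mkdir -p "$1/$ms_if"; done
    echo "$2" > "$1/all/rp_filter"; echo 0 > "$1/default/rp_filter"
    echo "$3" > "$1/eth0/rp_filter"; echo "$4" > "$1/eth1/rp_filter"
}

# Demo on constructed data: interface flags set the way the thread describes
# (eth0 has routefilter, eth1 does not), all/rp_filter left at 0.
demo=$(mktemp -d)
make_sample_conf "$demo" 0 1 0
echo "rp_filter set on the interface but not effective: $(silently_disabled "$demo")"
rm -rf "$demo"
```

To audit a real host, call `silently_disabled /proc/sys/net/ipv4/conf` and compare the "and" and "max" results for each interface against the kernel in use.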
