If one enables rp_filter with:
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
... does it enable SAV on ALL interfaces past, present and
future, or just the ones that are up?
What document describes the conf/ dirs/files in detail? I've
looked at various files in Documentation which do help, however
I'm still left puzzled.
In several scripts people have sent me there is code like the
following:
if [ -e $PROCNET/conf/all/rp_filter ]; then
echo -n "Enabling kernel level source address verification "
echo -n "IP spoofing protection: "
for f in $PROCNET/conf/*/rp_filter
do
echo 1 > $f
done
echo "done."
else
echo "WARNING: SAV IP spoofing could not be enabled."
echo "Manual rule based IP spoofing not implemented yet."
fi
When I read the above, the for loop seems redundant to me. Why
echo 1 to every dir's rp_filter? Is that not what the "all"
directory is for?
Are the following two equivalent?
1) for f in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo 1 > $f
done
2) echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
What is the "default" one for?
Please feel free to point me to the exact document that
accurately and unambiguously describes all of this.
I really appreciate it, thanks.
TTYL
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocateJoin the FreeMWare project - the goal to produce a FREE program in which you can run Windows 95/98/NT, and other operating systems.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:29 EST