doc:appunti:net:source_routing
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| doc:appunti:net:source_routing [2025/10/07 10:50] – [Firewall dual homed e source routing con Shorewall] niccolo | doc:appunti:net:source_routing [2025/10/07 10:56] (current) – [Firewall dual homed e source routing con Shorewall] niccolo | ||
|---|---|---|---|
| Line 160: | Line 160: | ||
| < | < | ||
| # Dual-homed external interfaces require global ROUTE_FILTER=No in shorewall.conf. | # Dual-homed external interfaces require global ROUTE_FILTER=No in shorewall.conf. | ||
| + | # The safe policy for connections with untrusted peers is to set accept_source_route to 0. | ||
| + | # Notice: source route packets are nonsensical on a PPP link. | ||
| + | accept_source_route = 0 | ||
| net eth0 tcpflags, | net eth0 tcpflags, | ||
| net eth2 tcpflags, | net eth2 tcpflags, | ||
| - | # Enable route filter (rp_filter kernel paramter) on the local interface. | + | # Enable route filter (rp_filter kernel paramter) |
| loc eth1 dhcp, | loc eth1 dhcp, | ||
| </ | </ | ||
doc/appunti/net/source_routing.txt · Last modified: by niccolo