Re: Various Errors in Slackware

[emsi () IT PL (Mariusz Woloszyn)]

On Wed, 22 Dec 1999, Mariusz Woloszyn wrote:

> "Disabled by default"! I noticed Patrick Volkerding long time before
> Slackware 7 (as soon as I found it in 4.0).

BTW: I got a replay (long time ago -- Fri, 16 Jul 1999) from Patrick
saying:
"You might want to report this to the kernel developers, since the comment
is taken directly from /usr/src/linux/Documentation/Configure.help, and is
still there in 2.2.10.

Best regards,

Pat"

And the documentation still says wrong:

"  If you turn on IP forwarding, you will also get the rp_filter, which
  automatically rejects incoming packets if the routing table entry
  for their source address doesn't match the network interface they're
  arriving on. This has security advantages because it prevents the
  so-called IP spoofing, however it can pose problems if you use
  asymmetric routing (packets from you to a host take a different path
  than packets from that host to you) or if you operate a non-routing
  host which has several IP addresses on different interfaces. To turn
  rp_filter off use:

        echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
  or
        echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
"

Regards,

P.S. Cc to Axel Boldt (boldt () math ucsb edu) as he is mentioned as a
maintainer of Configure.help


--
Mariusz Wo³oszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: emsi () it pl