Ondrej,
--On 17 August 2011 22:08:19 +0200 Ondrej Zajicek <santi...@crfreenet.org>
wrote:
One thought - you can use 'ip route add proto kernel', such route
(like other kernel routes) will not be learned even if you have
'learn' and 'import all' in kernel protocol. But it is a hack.
Sure. I am more concerned about a random operator putting in a new
route without thinking - this is essentially an appliance. We've
all (at least once) leaked a pile of routes through unintended
redistribution, and I want to make things as idiot-proof as
possible. Manually installed routes all go in as "boot" (IIRC),
whereas I'm currently installing mine as "static" (though I could
choose anything).
--
Alex Bligh
