#2813: Firewall defects
--------------------+-------------------------------------------------------
Reporter: Spinal | Owner: blfs-b...@…
Type: defect | Status: new
Priority: normal | Milestone: 6.4
Component: BOOK | Version: SVN
Severity: normal | Keywords:
--------------------+-------------------------------------------------------
1) echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
'''DOESN'T WORK'''
Here's the description of why:
http://forum.openvz.org/index.php?t=msg&goto=3144
Or just check kernel documentation: networking/ip-sysctl.txt
Probably the best thing we can do is to add this to rc.iptables:
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
2) Same issue exists with rp_filter
This should be added to rc.iptables:
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
3) accept_redirects - same issue as with send_redirects (but only for
non-routers; with routers the current config works fine).
This should be added to rc.iptables:
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
4) Comment "Don¹t send Redirect Messages" - "Don¹t" -> "Don't", should be
fixed
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2813>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
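
An added example, not part of the ticket or the BLFS book: a POSIX shell audit that applies the combine rules from the kernel's networking/ip-sysctl.txt to show which interfaces still have redirects or reverse-path filtering in the wrong state after only conf/all was written. The function names `effective` and `audit`, the optional directory argument and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Combine rules per the kernel's networking/ip-sysctl.txt:
#   send_redirects:   on if conf/all OR conf/<if> is set
#   rp_filter:        max(conf/all, conf/<if>)
#   accept_redirects: <if> forwarding off -> all OR <if>; on -> all AND <if>

# effective KEY ALL_VALUE IF_VALUE IF_FORWARDING -> prints the value in force
effective() {
    case "$1" in
        send_redirects) echo $(( $2 || $3 )) ;;
        rp_filter) if [ "$2" -gt "$3" ]; then echo "$2"; else echo "$3"; fi ;;
        accept_redirects)
            if [ "$4" -ne 0 ]; then echo $(( $2 && $3 ))
            else echo $(( $2 || $3 )); fi ;;
    esac
}

# audit [CONF_DIR]: one line per entry whose effective value differs from the
# targets in the ticket (redirects 0, rp_filter 1). "default" is included
# because interfaces created later inherit it. Returns 1 if anything is off.
audit() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for dir in "$conf"/*/; do
        ifname=$(basename "$dir")
        if [ "$ifname" = all ]; then continue; fi
        fwd=$(cat "$dir/forwarding")
        for pair in send_redirects=0 accept_redirects=0 rp_filter=1; do
            key=${pair%=*}
            want=${pair#*=}
            got=$(effective "$key" "$(cat "$conf/all/$key")" \
                            "$(cat "$dir/$key")" "$fwd")
            if [ "$got" != "$want" ]; then
                echo "$ifname $key effective=$got want=$want"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Run against the live system only when asked: sh audit.sh --run
if [ "${1:-}" = --run ]; then audit; fi
```

Values in conf/default only seed interfaces created after the write, so an interface that already exists when rc.iptables runs keeps its own conf/<if> value and shows up in this audit until that entry is set as well.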