On Sun, 20 Dec 2009 02:49:53 +0100
Andrzej Odyniec <[email protected]> wrote:
> Tom Eastep wrote:
> > In kernel 2.6.31, the handling of the rp_filter interface option was
> > changed incompatibly. Previously, the effective value was determined
> > by the setting of net.ipv4.config.dev.proxy_arp logically ANDed with
> > the setting of net.ipv4.config.all.proxy_arp.
> >
> > Beginning with kernel 2.6.31, the value is the arithmetic MAX of
> > those two values. Additionally, a 'loose' routefiltering facility
> > is now enabled by setting the effective value of proxy_arp to 2.
> >
> > Given that Shorewall sets net.ipv4.config.all.proxy_arp to 1 if
> > there are any interfaces specifying 'routefilter', specifying
> > 'routefilter' on any interface has the effect of setting the option
> > on all interfaces.
That should have been:
Given that Shorewall sets net.ipv4.config.all.rp_filter to 1...
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
