On 5/26/2015 7:53 AM, jonetsu wrote: > Hello, > > > When specifying a rpfilter option for an interface, we can see after > applying the firewall configuration that there is a rpfilter being added for > that interface, as well as a rpfilter chain. OTOH, no rp_filter option is > set in /proc/sys/net/ipv4/conf/<interface|all>/rp_filter. > > > What is the difference between what seems to be two different reverse path > filtering options. One is being observed by iptables and the other as a > kernel module ... ? See shorewall-interfaces(5) and note the difference between 'routefilter' and 'rpfilter'. 'routefilter' uses /proc while 'rpfilter' is done via iptables.
-Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
