On Fri, 01 Oct 2004 08:45:29 +0700, hypoj <[EMAIL PROTECTED]> wrote:
> Ki'nh ba'c,
> Ca'i vu. na`y thi` mi`nh dda~ hie^?u ro^`i, ba'c gia?ng the^m ca'i
> ddoa.n na`y vo+'i:
> for interface in /proc/sys/net/ipv4/conf/*/rp_filter
>   do
>     echo 1 > $interface
>   done

 This enables source validation by reversed path according to RFC1812.
 In other words, did the response packet originate from the same interface
 through which the source packet was sent?  It's recommended for single-homed
 systems and routers on stub networks.  Since those are the configurations
 this firewall is designed to support, I turn it on by default.
 Turn it off if you use multiple NICs connected to the same network.

This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
VietLUG-users mailing list

Trả lời cho