Bugtraq mailing list archives

Re: Various Errors in Slackware


From: emsi () IT PL (Mariusz Woloszyn)
Date: Wed, 22 Dec 1999 10:13:00 +0100


On Tue, 21 Dec 1999, Dagmar d'Surreal wrote:

> IPV4 PACKET FORWARDING -- Should not be on by default

Above is true for Slackware 4.0

(...)

> RP_FILTER -- Probably incorrect assumption
> ------------------------------------------
> Just below the section that turns on IP forwarding is a section that
> theoretically turns on rp_filter, which is supposed to do source
> validation of incoming packets to prevent outside lusers from firing
> spoofed packets into your local network.  This is supposed to go on by
> default once ip_forwarding is turned on, according to both the comments in
> the script and the kernel documentation.  (Annoyingly enough, the
> interface for it in /proc still emits a 0 when ip_forwarding is turned on,
> which leads me to believe that something might be missing in the kernel,
> although I might be the only person that ever tries to read proc first to
> see what's on and what's off.)  Better to be safe than sorry and change
> the logic to stuff a 1 in there if IPV4_FORWARD is true, and a zero in
> there if it's false.

It also applies to Slackware 4.0, but it isn't a kernel problem. Kernel
documentation says:

# rp_filter
#    Integer value deciding if source validation should be made.
#    1 means yes, 0 means no. Disabled by default, but
#    local/broadcast address spoofing is always on.
# 

"Disabled by default"! I noticed Patrick Volkerding a long time before
Slackware 7 (as soon as I found it in 4.0).

Anyway you're not the only person that ever tries to read proc first :)

Regards,

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
E-mail: emsi () it pl
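
The check discussed in this thread, as an added example that is not part of the original messages or of the Slackware startup scripts: read the rp_filter entries under /proc first, and set them explicitly rather than assuming the kernel enables them with ip_forward. The function names and the optional root-directory argument are assumptions of this example; the argument lets the functions run against a constructed tree.

```shell
#!/bin/sh
# Added example: audit and enforce rp_filter explicitly.
# The optional first argument (hypothetical, for offline testing) is the
# directory to inspect; it defaults to the real /proc/sys/net/ipv4.
# Values follow the kernel documentation quoted above: 1 = yes, 0 = no.

# Print the name of every interface whose rp_filter is not 1.
rp_filter_unset() {
    root=${1:-/proc/sys/net/ipv4}
    for f in "$root"/conf/*/rp_filter; do
        [ -f "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Succeed if forwarding is off, or if forwarding is on and source
# validation is enabled on every interface. Fail otherwise.
rp_filter_audit() {
    root=${1:-/proc/sys/net/ipv4}
    fwd=$(cat "$root/ip_forward" 2>/dev/null || echo 0)
    [ "$fwd" = "1" ] || return 0
    [ -z "$(rp_filter_unset "$root")" ]
}

# Write 1 into every rp_filter entry (needs root on a live system).
rp_filter_enforce() {
    root=${1:-/proc/sys/net/ipv4}
    for f in "$root"/conf/*/rp_filter; do
        [ -f "$f" ] || continue
        echo 1 > "$f"
    done
}
```

Called with no argument after the forwarding section of a startup script, `rp_filter_audit` reports through its exit status whether the running kernel matches what the script comments claim.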


