Commit b2cc46a8 authored by Jesper Dangaard Brouer's avatar Jesper Dangaard Brouer Committed by David S. Miller

ipv4: Fix rp_filter description in net/ipv4/Kconfig.

The reverse path filter (rp_filter) will NOT get enabled
when enabling forwarding.  Read the code and tested in
in practice.

Most distributions do enable it in startup scripts.
Signed-off-by: default avatarJesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0117cfab
...@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER ...@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER
at boot time after the /proc file system has been mounted. at boot time after the /proc file system has been mounted.
If you turn on IP forwarding, you will also get the rp_filter, which If you turn on IP forwarding, you should consider the rp_filter, which
automatically rejects incoming packets if the routing table entry automatically rejects incoming packets if the routing table entry
for their source address doesn't match the network interface they're for their source address doesn't match the network interface they're
arriving on. This has security advantages because it prevents the arriving on. This has security advantages because it prevents the
...@@ -46,9 +46,11 @@ config IP_ADVANCED_ROUTER ...@@ -46,9 +46,11 @@ config IP_ADVANCED_ROUTER
rp_filter on use: rp_filter on use:
echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
or and
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
Note that some distributions enable it in startup scripts.
If unsure, say N here. If unsure, say N here.
choice choice
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment