This shows you the differences between two versions of the page.
| ubuntu1604:3:2:7 [2017/05/02 13:16] – created Piotr Kłoczewski | ubuntu1604:3:2:7 [2017/05/04 03:43] (current) – Piotr Kłoczewski |
|---|---|
| |
| =====Description===== | =====Description===== |
| Setting ""net.ipv4.conf.all.rp_filter"" and ""net.ipv4.conf.default.rp_filter"" to 1 forces the Linux kernel to utilize reverse path filtering on a received packet to determine if the packet was valid. Essentially, with reverse path filtering, if the return packet does not go out the same interface that the corresponding source packet came from, the packet is dropped (and logged if ""log_martians"" is set). | Setting ''net.ipv4.conf.all.rp_filter'' and ''net.ipv4.conf.default.rp_filter'' to 1 forces the Linux kernel to utilize reverse path filtering on a received packet to determine if the packet was valid. Essentially, with reverse path filtering, if the return packet does not go out the same interface that the corresponding source packet came from, the packet is dropped (and logged if ''log_martians'' is set). |
| |
| =====Rationale===== | =====Rationale===== |
| |
| =====Remediation===== | =====Remediation===== |
| Set the following parameter in the "/etc/sysctl.conf" file: | Set the following parameter in the ''/etc/sysctl.conf'' file: |
| <Code:bash> | <Code:bash> |
| net.ipv4.conf.all.rp_filter = 1 | net.ipv4.conf.all.rp_filter = 1 |