HELLO_wORLD
Very Senior Member
Hi all,
I realized that sysctl net.ipv4.conf.*.rp_filter, which performs reverse path filtering to detect invalid source addresses, is set to 0 on my R7800. That seems strange for a router.
It can be turned on by changing sysctl settings, but:
1) The sysctl method is now deprecated and works only for IPv4.
2) An "rpfilter" kernel module has been available since Linux 3.3 and iptables 1.4.13, which allows reverse path filtering to be performed within iptables for IPv4 but also IPv6.
Like:
Code:
iptables -A PREROUTING -t raw -m rpfilter --invert -j DROP
ip6tables -A PREROUTING -t raw -m rpfilter --invert -j DROP
However, this module does not exist in our firmwares:
ip6tables v1.8.7 (legacy): Couldn't load match `rpfilter':No such file or directory (same with iptables).
@Voxel : Is it possible (and simple) to include the rpfilter .ko module in /lib/modules/3.4.103/ ?
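
An added example, not part of the original post: a small shell function that reports the rp_filter mode actually in force on each interface. The kernel applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so a per-interface 0 is only "off" when conf/all is also 0. The function names, the optional directory argument and the sample interface names are assumptions made for this illustration.

```shell
#!/bin/sh
# Effective rp_filter per interface = max(conf/all, conf/<iface>).
# 0 = off, 1 = strict, 2 = loose.
# Optional argument: an alternative conf directory (hypothetical helper
# parameter so the check can be run against a constructed tree).
rp_filter_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        eff=$(cat "$dir/rp_filter")
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        case "$eff" in
            0) mode=off ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface $eff $mode"
    done
}

# Constructed sample tree (interface names and values are made up)
# so the function can be exercised without touching /proc.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default brwan br0; do mkdir -p "$t/$i"; done
    echo 0 > "$t/all/rp_filter"
    echo 0 > "$t/default/rp_filter"
    echo 0 > "$t/brwan/rp_filter"
    echo 1 > "$t/br0/rp_filter"
    echo "$t"
}

sample=$(make_sample_tree)
rp_filter_report "$sample"
rm -rf "$sample"
```

On the router itself, calling `rp_filter_report` with no argument reads the live values under /proc/sys/net/ipv4/conf.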