BCP38 on public-facing Ubuntu servers

• Previous message (by thread): BCP38 on public-facing Ubuntu servers
• Next message (by thread): BCP38 on public-facing Ubuntu servers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/3/21 8:44 AM, William Herrin wrote:
> rp_filter is great until your network is slightly less than a 
> perfect hierarchy. Then your Linux "router" starts mysteriously 
> dropping packets and, as with allow_local, Linux doesn't have any 
> way to generate logs about it so you end up with these mysteriously 
> unexplained packet discards matching no conceivable rule in 
> iptables... This failure has too often been the bane of my existence 
> when using Linux for advanced networking.

I don't remember the particulars, but I thought that was the domain of 
log_martians (net.ipv4.conf.*.log_martians).

Without log_martians or explicitly looking for such, no, you won't get 
any indication of such drops.



-- 
Grant. . . .
unix || die

• Previous message (by thread): BCP38 on public-facing Ubuntu servers
• Next message (by thread): BCP38 on public-facing Ubuntu servers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]