[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: loose/strict source route option filtering
From:       Stephen Suryaputra <ssuryaextr () gmail ! com>
Date:       2019-04-17 12:11:56
Message-ID: 20190417121156.GA4440 () ubuntu
[Download RAW message or body]

On Wed, Apr 17, 2019 at 08:49:58AM +0100, John Haxby wrote:
> 
> 
> > On 16 Apr 2019, at 21:27, Stephen Suryaputra <ssuryaextr@gmail.com> wrote:
> > 
> > I wonder if nft supports filtering loose and strict source route ipv4
> > options? From what I read, iptables need some add-ons to do it. Apology
> > if this is ain FAQ.
> 
> Isn't this handled by the net.ipv4.*.rp_filter sysctl?

I don't think so. rp_filter is for validating whether the source address
is reachable to prevent spoofing. I'm asking about source routing in the
IPv4 header options where the sender can specify what hops should be
traversed.

Thanks.
[prev in list] [next in list] [prev in thread] [next in thread]