On 2019-12-10, Bastian Kanbach <b.kanbach@posteo.de> wrote:
> Good evening all,
>
> following up on the previous discussions, I noticed that the network
> stack changed recently [1] (limited to cases when packet forwarding is
> enabled).
>
> What's the idea behind it, as it seemed to be unlikely that this default
> would be changed at all?
It helps with https://www.openwall.com/lists/oss-security/2019/12/05/1
for simpler cases. For more complex cases where forwarding is also used,
restrictions can be made with PF (urpf-failed; this was possible before,
too).
No comments:
Post a Comment