mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 16:54:10 +01:00
Update 'interfaces' manpage with some advice regarding 'logmartians'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5416 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent 965cc55785
commit 7c10831bc4
@ -166,11 +166,27 @@ loc eth2 -</programlisting>
|
||||
|
||||
<listitem>
|
||||
<para>Turn on kernel martian logging (logging of packets with
|
||||
impossible source addresses. It is suggested that if you set
|
||||
<emphasis role="bold">routefilter</emphasis> on an interface
|
||||
that you also set <emphasis
|
||||
role="bold">logmartians</emphasis>. This option may also be
|
||||
enabled globally in the <ulink
|
||||
impossible source addresses. It is strongly suggested that if
|
||||
you set <emphasis role="bold">routefilter</emphasis> on an
|
||||
interface that you also set <emphasis
|
||||
role="bold">logmartians</emphasis>. Even if you do not specify
|
||||
the <option>routefilter</option> option, it is a good idea to
|
||||
specify <option>logmartians</option> because your distribution
|
||||
may be enabling route filtering without you knowing it.</para>
|
||||
|
||||
<para>To find out if route filtering is set on a given
|
||||
<replaceable>interface</replaceable>, check the contents of
|
||||
<filename>/proc/sys/net/ipv4/conf/<replaceable>interface</replaceable>/rp_filter</filename>
|
||||
— a non-zero value indicates that route filtering is
|
||||
enabled.</para>
|
||||
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting> teastep@lists:~$ <command>cat /proc/sys/net/ipv4/conf/eth0/rp_filter </command>
|
||||
1
|
||||
teastep@lists:~$ </programlisting>
|
||||
|
||||
<para>This option may also be enabled globally in the <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
file.</para>
|
||||
</listitem>
|
||||
|
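Review bot: The parenthesis opened at "(logging of packets with" in the first <para> of this hunk is never closed, in both the old and the new wording; add ")" after "impossible source addresses" and before the period. In the example <programlisting>, the leading space before "teastep@lists:~$" and the trailing space inside <command> will be rendered verbatim, so both should be trimmed. The rp_filter paragraph states only what a non-zero value means; since the preceding sentence warns that a distribution may enable route filtering without the user knowing, it would help to say whether a zero in the per-interface file is conclusive.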
@ -87,7 +87,7 @@
|
||||
<note>
|
||||
<para>If you are not familiar with Netfilter to the point where you are
|
||||
comfortable with the differences between the various connection tracking
|
||||
states, then I suggest that you omit the <emphasis
|
||||
states, then it is suggested that you omit the <emphasis
|
||||
role="bold">ESTABLISHED</emphasis> and <emphasis
|
||||
role="bold">RELATED</emphasis> sections and place all of your rules in
|
||||
the NEW section (That's after the line that reads SECTION NEW').</para>
|
||||
|
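Review bot: The last line of this note still reads "(That's after the line that reads SECTION NEW')", with a closing quote that has no opening one and a capitalised "That's" in mid-sentence; since the paragraph is being reworded anyway, change it to something like "(that is, after the line that reads 'SECTION NEW')". The commit message mentions only the 'interfaces' manpage and 'logmartians', so this rewording of the ESTABLISHED/RELATED note should either be named in the message or go in a separate commit.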