[Olsr-dev] Asymmetric ipip not working
Sven-Ola Tuecke
Mon Apr 26 09:57:46 CEST 2010
Hi,
hhm. dunno yet. I don't think that adding iptables-functions to olsrd is a
good thing. A routing daemon should not fiddle too much with the system
besides routing tables IMO.
Besides that: the rp_filter stuff is getting nasty. As I wrote, the
itunl0.rp_filter=0 is required on 2.6.31. There's already a query in
linux/net.c, some "if is_at_least_linuxkernel_2_6_31". On 2.6.30 there is a
tunl0.rp_filter file, but 2.6.18 (my XEN based gateway server) does not
offer rp_filter for the ipip tunnel device. Same on 2.4.30...
Hmmm.
// Sven-Ola
On Monday 26 April 2010 09:25:50, Henning Rogge wrote:
> On Mon April 26 2010 08:57:27 Sven-Ola Tuecke wrote:
> > And one more: I need to re-check the security implications. Suppose you
> > do a telnet 127.0.0.1 which is encapsulated in ipip or something similar.
> > Your firewall may be surprised (even if that simple telnet does not
> > work)...
>
> Maybe there should be an additional firewall rule for traffic coming out of
> the generic tunnel-endpoint to block this?
>
> Henning Rogge