>
> You have to use specific source-routing settings in conjunction with
> enabling arp_filter in order for arp_filter to have any effect.
>
> This is a FAQ.
Frequently asked, but all I find is complex ways to work around the bug
rather than any patches. I do have the source routing settings in place;
virtually all packets sent to an IP not on the NIC are logged and
dropped, so I won't have a problem with spoofing. I did turn off the
firewall on a machine to check the problem; in practice all the packets
with incorrect MAC addresses would be dropped.
I fear someone with less draconian firewalls might accept an internal IP
address on an external NIC, however. I get about 800 log entries a month
on some machines, and they're behind a boundary router.
I thought I was missing something; clearly this is a known problem.
--
bill davidsen <davidsen@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.