Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New option rpfilter_loose to enable loose mode (rp_filter = 2) #163

Merged
merged 1 commit into from
Dec 5, 2018
Merged

New option rpfilter_loose to enable loose mode (rp_filter = 2) #163

merged 1 commit into from
Dec 5, 2018

Conversation

mcgege
Copy link
Member

@mcgege mcgege commented Dec 5, 2018

Signed-off-by: Michael Geiger michael.geiger@telekom.de

@mcgege
New option rpfilter_loose to enable loose mode (rp_filter = 2)
93291fb 
Signed-off-by: Michael Geiger <michael.geiger@telekom.de>
@mcgege mcgege merged commit a39d8b4 into dev-sec:master Dec 5, 2018
@artem-sidorenko
Copy link
Member

@mcgege What is your use-case for a possibility to control this flag? Does it make sense to port it to chef-os-hardening?

@mcgege
Copy link
Member Author

mcgege commented Dec 6, 2018

@artem-sidorenko I had a big problem with multi homed systems where packets where droped because of my complex networking / routing setup. With this loose mode I could solve this ...
Is there already a rp_filter implementation in chef-os-hardening? Generally this is a good hardening method, but the strict mode is sometimes too much ...

@artem-sidorenko
Copy link
Member

@mcgege thanks, then I'll leave it as-is for now :)

enemarke pushed a commit to enemarke/puppet-os-hardening that referenced this pull request Feb 2, 2019
@mcgege @enemarke
New option rpfilter_loose to enable loose mode (rp_filter = 2) (dev-s…
560fc93 
…ec#163)

Signed-off-by: Michael Geiger <michael.geiger@telekom.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mcgege @artem-sidorenko @chris-rock