tag:blogger.com,1999:blog-3266263034124005485.post7972389645082784600..comments2024-03-24T23:19:30.504+00:00Comments on Fragmentation Needed: PSA: Linux Does RPF Checkingchris margethttp://www.blogger.com/profile/09716555871346949419noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-3266263034124005485.post-76601574043491800582015-05-12T14:44:52.210+01:002015-05-12T14:44:52.210+01:00I was focused on a host system receiving multicast...I was focused on a host system receiving multicast packets when I wrote this post. The RPF check applies to all ingress packets, not just multicast ones, of course. Multicast is a particularly heinous case, because it puts selection of the ingress interface into the hands of the users, rather than the system or network administrator.<br /><br />Frankly, I think that performing the RPF check should depend on whether or not ip_forwarding is enabled. If it's not, what's the point?chris margethttps://www.blogger.com/profile/06646973209424821070noreply@blogger.comtag:blogger.com,1999:blog-3266263034124005485.post-62813134120343545832015-05-12T12:35:26.771+01:002015-05-12T12:35:26.771+01:00I have some Linux firewalls deployed, and a few Li...I have some Linux firewalls deployed, and a few Linux routers (with quagga or birt). In the firewall rp_filter makes perfect sense. I agree with you that in an host it makes little/no sense, and I would understand a distribution such as OpenWRT to enable it by default, but not CentOS. I was bitten by this CentOS "feature", too.Anonymoushttps://www.blogger.com/profile/16111534966079333136noreply@blogger.com