[Mageia-discuss] Odd entry in log file

Maarten Vanraes alien at rmail.be
Tue May 8 21:17:27 CEST 2012


On Tuesday, 08 May 2012 02:05:44, imnotpc wrote:
[...]
> > promiscuous mode means you're passing through from layer 2 to layer 3
> > irrespective of mac address (ie: even if it's not for you)
> > 
> > iptables is not complaining
> > 
> > martians is kernel level, (resource path filtering (for asynchronous
> > routing)), before iptables even comes into play.
> 
> So the kernel would log the martian before iptables sees it? That
> explains why it isn't dropped by the firewall. But that begs the
> question, is there any point in using iptables rules to block packets
> from other subnets if iptables will never see them? Just about every
> sample firewall ruleset I've ever seen does this either explicitly or by
> allowing them to fall through to the default DROP rule. Now that I'm
> thinking back, in 10+ years of Linux LAN experience I've never seen a
> martian packet logged by any of my firewalls. I just assumed it was good
> network management ;-)

yes, because rp_filter level can be adjusted in the kernel :-)
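The two knobs the thread circles around are per-interface sysctls under /proc/sys/net/ipv4/conf: rp_filter (0 off, 1 strict, 2 loose) decides whether a packet whose source is not reachable back through the arriving interface is discarded during route lookup, before it could ever match a rule in the filter table's INPUT chain, and log_martians decides whether such a discard is logged at all. The kernel combines the "all" entry with the interface entry: rp_filter takes the higher of the two, log_martians is on if either is set. The script below is an added example, not something posted in this thread; it reports the effective setting per interface so you can tell why a box does or does not log martians. SYSCTL_ROOT is a hypothetical override that lets the same functions run against a constructed tree instead of the live kernel.

```shell
#!/bin/sh
# Added example (not from the Mageia-discuss thread): show the effective
# reverse-path-filter mode and martian logging per interface.
# Kernel rule: effective rp_filter = max(conf/all, conf/<iface>);
#              log_martians is enabled if conf/all OR conf/<iface> is set.
# SYSCTL_ROOT is a hypothetical override so the checks can be exercised
# offline against a constructed directory tree.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys/net/ipv4/conf}"

# read_knob <iface> <knob>: print the value, or 0 if the file is missing.
read_knob() {
  cat "$SYSCTL_ROOT/$1/$2" 2>/dev/null || echo 0
}

# rp_filter_name <0|1|2>: human-readable meaning of the numeric mode.
rp_filter_name() {
  case "$1" in
    0) echo "off (no source validation)" ;;
    1) echo "strict (RFC 3704 strict reverse path)" ;;
    2) echo "loose (source reachable via any interface)" ;;
    *) echo "unknown" ;;
  esac
}

# effective_rp_filter <iface>: the kernel uses the larger of all/<iface>.
effective_rp_filter() {
  rp_all=$(read_knob all rp_filter)
  rp_dev=$(read_knob "$1" rp_filter)
  if [ "$rp_all" -gt "$rp_dev" ]; then echo "$rp_all"; else echo "$rp_dev"; fi
}

# effective_log_martians <iface>: 1 if either all/<iface> enables logging.
effective_log_martians() {
  lm_all=$(read_knob all log_martians)
  lm_dev=$(read_knob "$1" log_martians)
  if [ "$lm_all" -ne 0 ] || [ "$lm_dev" -ne 0 ]; then echo 1; else echo 0; fi
}

# report: one line per interface; "default" only seeds new interfaces and
# "all" is folded into each interface's effective value, so both are skipped.
report() {
  for d in "$SYSCTL_ROOT"/*/; do
    iface=$(basename "$d")
    case "$iface" in all|default) continue ;; esac
    mode=$(effective_rp_filter "$iface")
    printf '%-8s rp_filter=%s %-44s log_martians=%s\n' \
      "$iface" "$mode" "$(rp_filter_name "$mode")" \
      "$(effective_log_martians "$iface")"
  done
}

# make_fake_tree <dir>: constructed sample tree mirroring the kernel layout.
# eth0 asks for strict mode, but "all" is loose, so loose wins; eth1 has
# everything off locally yet still inherits loose filtering from "all".
make_fake_tree() {
  mkdir -p "$1/all" "$1/default" "$1/eth0" "$1/eth1"
  echo 2 > "$1/all/rp_filter";  echo 0 > "$1/all/log_martians"
  echo 1 > "$1/eth0/rp_filter"; echo 1 > "$1/eth0/log_martians"
  echo 0 > "$1/eth1/rp_filter"; echo 0 > "$1/eth1/log_martians"
}

# When run on a live system, print the real per-interface picture.
[ -d "$SYSCTL_ROOT" ] && report
```

If the report shows rp_filter at 1 or 2 with log_martians at 0, packets from a spoofed or misrouted source are being discarded silently ahead of the INPUT chain, which is why an iptables LOG rule for "foreign subnet" sources may never fire; set net.ipv4.conf.all.log_martians=1 to make those drops visible, and set rp_filter to 0 only on interfaces where asymmetric routing is intended.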


