[Mageia-discuss] Odd entry in log file

imnotpc imnotpc at Rock3d.net
Tue May 8 21:28:19 CEST 2012


On 05/08/2012 03:17 PM, Maarten Vanraes wrote:
> On Tuesday 08 May 2012 02:05:44, imnotpc wrote:
> [...]
>>> promiscuous mode means you're passing through from layer 2 to layer 3
>>> irrespective of mac address (ie: even if it's not for you)
>>>
>>> iptables is not complaining
>>>
>>> martians is kernel level, (resource path filtering (for asynchronous
>>> routing)), before iptables even comes into play.
>> So the kernel would log the martian before iptables sees it? That
>> explains why it isn't dropped by the firewall. But that begs the
>> question, is there any point in using iptables rules to block packets
>> from other subnets if iptables will never see them? Just about every
>> sample firewall ruleset I've ever seen does this either explicitly or by
>> allowing them to fall through to the default DROP rule. Now that I'm
>> thinking back, in 10+ years of Linux LAN experience I've never seen a
>> martian packet logged by any of my firewalls. I just assumed it was good
>> network management ;-)
> yes, because rp_filter level can be adjusted in the kernel :-)
>
Ah, so it was my good network management then, hehe. Good info, thanks.
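
Added example, not part of the original message: a shell sketch that reports the reverse-path filter level and martian logging the kernel actually applies to each interface, by reading the sysctl tree under /proc/sys/net/ipv4/conf. The function names and the "report" argument are hypothetical; the combining rules (maximum of all and interface for rp_filter, either one for log_martians) follow the kernel's ip-sysctl documentation.

```shell
#!/bin/sh
# Added example: effective rp_filter / log_martians per interface.
CONF_DIR_DEFAULT=/proc/sys/net/ipv4/conf

# Read one sysctl file, treating a missing or unreadable file as 0.
read_val() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# rp_filter: the kernel uses max(conf/all, conf/<iface>).
effective_rp_filter() {
    dir=$1; iface=$2
    a=$(read_val "$dir/all/rp_filter")
    i=$(read_val "$dir/$iface/rp_filter")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# log_martians: enabled if either conf/all or conf/<iface> is non-zero.
effective_log_martians() {
    dir=$1; iface=$2
    a=$(read_val "$dir/all/log_martians")
    i=$(read_val "$dir/$iface/log_martians")
    if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
}

# Map the numeric rp_filter level to its documented meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# Print one line per interface; "all" and "default" are not interfaces.
report() {
    dir=${1:-$CONF_DIR_DEFAULT}
    for path in "$dir"/*; do
        [ -d "$path" ] || continue
        iface=${path##*/}
        case "$iface" in all|default) continue ;; esac
        rp=$(effective_rp_filter "$dir" "$iface")
        lm=$(effective_log_martians "$dir" "$iface")
        echo "$iface rp_filter=$rp($(rp_mode_name "$rp")) log_martians=$lm"
    done
}

if [ "${1:-}" = "report" ]; then report "${2:-}"; fi
```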

