Timeline for Linux Source Routing, Strong End System Model / Strong Host Model?
Current License: CC BY-SA 3.0
5 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Jun 15, 2019 at 13:52 | comment | added | ZAB | | Instead of issuing multiple iptables commands one can use this magic nftables one-liner: `nft add rule inet filter input fib daddr . iif type != { local, broadcast, multicast } drop`. This isn't really the subject of the original question though, it was about the gateway, i.e. output chain |
| Mar 12, 2018 at 17:24 | history | edited | telcoM | CC BY-SA 3.0 | improved sentence structure |
| Mar 12, 2018 at 17:23 | comment | added | telcoM | | That would be a subtly different thing. A strong host model essentially just means "no short cuts": a response to an incoming connection will be sent out the same interface the connection came in, even though the routing table might indicate there could be a more direct route using another interface - and a connection would be accepted in only on the interface that actually has the destination IP address. Network namespaces might achieve the same thing, but at the cost of having to duplicate service processes for each namespace. |
| Jan 22, 2018 at 20:41 | comment | added | Jörg W Mittag | | Would it be possible and/or useful to use network namespaces to either replace (some of) this or make it "stronger"? |
| Dec 17, 2017 at 0:44 | history | answered | telcoM | CC BY-SA 3.0 | |