12

I want to enable reverse path filtering to prevent source IP spoofing on my server. I noticed that I currently have the following settings:

net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.p4p1.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1

The setting in all and the one in default are not the same. There are no explicit settings in my /etc/sysctl.conf file. I would like to know what the impact on the rest of the configuration is between setting

net.ipv4.conf.all.rp_filter = 1

and

net.ipv4.conf.default.rp_filter = 1

Do I have to set both or just one of them?

0

1 Answer

5

According to this post titled: all vs. default in /proc/sys/net/ipv4/conf [message #3139]:

When you change variables in the /proc/sys/net/ipv4/conf/all directory, the variable for all interfaces and default will be changed as well. When you change variables in /proc/sys/net/ipv4/conf/default, all future interfaces will have the value you specify. This should only affect machines that can add interfaces at run time, such as laptops with PCMCIA cards, or machines that create new interfaces via VPNs or PPP, for example.

  • 5
    Yes, I saw that post too while Googling. But in practice, when I tried running sysctl -w net.ipv4.conf.all.rp_filter=1, nothing changes except the all option, ditto for the default. Commented May 18, 2014 at 5:48
  • This is not exactly true. See duplicated question. Commented Oct 26, 2016 at 0:24
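
As an added example (not part of the question, answer or comments above), this script computes the rp_filter value enforced on each interface, assuming the rule stated in the kernel's ip-sysctl documentation that the maximum of conf/all/rp_filter and conf/<interface>/rp_filter is used for source validation. The function names are hypothetical and the sample input is constructed from the settings listed in the question.

```shell
#!/bin/sh
# Added example. Rule assumed from the kernel's ip-sysctl documentation:
# effective rp_filter on an interface = max(conf/all, conf/<interface>).
# Values: 0 = no source validation, 1 = strict, 2 = loose.

# Constructed sample input: the settings listed in the question.
sample_question_settings() {
    cat <<'EOF'
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.p4p1.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
EOF
}

# Reads `sysctl -a` style lines on stdin and prints
# "<interface> <configured> <effective>" for every existing interface.
# "default" is skipped: it only seeds interfaces created later.
effective_rp_filter() {
    awk -F' *= *' '
        /^net\.ipv4\.conf\..*\.rp_filter *=/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.rp_filter$/, "", name)
            val[name] = $2 + 0
            if (name != "all" && name != "default") order[++n] = name
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (i = 1; i <= n; i++) {
                cfg = val[order[i]]
                eff = (cfg > all) ? cfg : all
                print order[i], cfg, eff
            }
        }'
}

# Interfaces left without any source validation (effective value 0).
unfiltered_interfaces() {
    effective_rp_filter | awk '$3 == 0 { print $1 }'
}

echo "As configured in the question (interface configured effective):"
sample_question_settings | effective_rp_filter
echo "Interfaces with no source validation:"
sample_question_settings | unfiltered_interfaces
# On a live host: sysctl -a 2>/dev/null | effective_rp_filter
```

With the question's values only lo ends up unfiltered; raising all to 1 lifts every interface to at least strict mode even though the per-interface files keep their own numbers.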
