New hack: MULTI-NIC-ARP-LOCK

master
bbruns@gmail.com 2010-09-25 00:29:17 +00:00
parent e5d681caf1
commit a2fd85688c
2 changed files with 17 additions and 2 deletions

View File

@ -138,7 +138,17 @@ function apply_ipv4_hack {
else
display_c RED "\nError: could not load $MOD_U32 module into the kernel. Not using fix."
fi
;;
;;
MULTI-NIC-ARP-LOCK)
# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
# do not actually have the IP in question. In some (alot in my case),
# I have things going through specific wires for a reason. This fixes
# that and makes it behave as expected.
for i in default all; do
echo "1" > /proc/sys/net/ipv4/conf/$i/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/$i/arp_announce
done
;;
esac
shift
done

View File

@ -62,8 +62,13 @@ IPv4_MARK=$BASEDIR/ipv4-marks
# Hacks to either block specific kinds of attacks or fix problems
#
# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
# http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
#
# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
# do not actually have the IP in question. In some (alot in my case),
# I have things going through specific wires for a reason. This fixes
# that and makes it behave as expected.
#
HACK_IPV4="NS-IN-DDOS"