New hack: MULTI-NIC-ARP-LOCK
parent
e5d681caf1
commit
a2fd85688c
|
@ -139,6 +139,16 @@ function apply_ipv4_hack {
|
||||||
display_c RED "\nError: could not load $MOD_U32 module into the kernel. Not using fix."
|
display_c RED "\nError: could not load $MOD_U32 module into the kernel. Not using fix."
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
MULTI-NIC-ARP-LOCK)
|
||||||
|
# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
|
||||||
|
# do not actually have the IP in question. In some (alot in my case),
|
||||||
|
# I have things going through specific wires for a reason. This fixes
|
||||||
|
# that and makes it behave as expected.
|
||||||
|
for i in default all; do
|
||||||
|
echo "1" > /proc/sys/net/ipv4/conf/$i/arp_ignore
|
||||||
|
echo "2" > /proc/sys/net/ipv4/conf/$i/arp_announce
|
||||||
|
done
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
|
@ -65,6 +65,11 @@ IPv4_MARK=$BASEDIR/ipv4-marks
|
||||||
# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
|
# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
|
||||||
# http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
|
# http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
|
||||||
#
|
#
|
||||||
|
# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
|
||||||
|
# do not actually have the IP in question. In some (alot in my case),
|
||||||
|
# I have things going through specific wires for a reason. This fixes
|
||||||
|
# that and makes it behave as expected.
|
||||||
|
#
|
||||||
HACK_IPV4="NS-IN-DDOS"
|
HACK_IPV4="NS-IN-DDOS"
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue