New hack: MULTI-NIC-ARP-LOCK

master
bbruns@gmail.com 2010-09-25 00:29:17 +00:00
parent e5d681caf1
commit a2fd85688c
2 changed files with 17 additions and 2 deletions


@ -139,6 +139,16 @@ function apply_ipv4_hack {
display_c RED "\nError: could not load $MOD_U32 module into the kernel. Not using fix." display_c RED "\nError: could not load $MOD_U32 module into the kernel. Not using fix."
fi fi
;; ;;
MULTI-NIC-ARP-LOCK)
# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
# do not actually have the IP in question. In some (alot in my case),
# I have things going through specific wires for a reason. This fixes
# that and makes it behave as expected.
for i in default all; do
echo "1" > /proc/sys/net/ipv4/conf/$i/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/$i/arp_announce
done
;;
esac esac
shift shift
done done
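Review bot: The two `echo` writes in the new MULTI-NIC-ARP-LOCK arm are unchecked, so when /proc/sys is not writable (not running as root, or a read-only /proc) the hardening is simply not applied and the only trace is a raw shell error, unlike the arm above, which reports failure through `display_c RED`. I would quote the path and report the failure the same way, e.g. `echo 1 > "/proc/sys/net/ipv4/conf/$i/arp_ignore" || display_c RED "\nError: could not set arp_ignore for $i. Not using fix."`, and likewise for arp_announce. The comment should also say what the values mean (arp_ignore=1 answers only when the target IP is configured on the receiving interface; arp_announce=2 always picks the best local source address for the target). Nothing visible in this hunk restores the previous values when the hack is later removed from HACK_IPV4, which is worth documenting if that holds for the whole function. apply_ipv4_hack starts and ends outside the hunk.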


@ -65,6 +65,11 @@ IPv4_MARK=$BASEDIR/ipv4-marks
# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see: # NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
# http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/ # http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
# #
# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
# do not actually have the IP in question. In some (alot in my case),
# I have things going through specific wires for a reason. This fixes
# that and makes it behave as expected.
#
HACK_IPV4="NS-IN-DDOS" HACK_IPV4="NS-IN-DDOS"