lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <568FDFBF.3010300@stressinduktion.org>
Date:	Fri, 8 Jan 2016 17:11:43 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	prmarino1@...il.com, Robert Sander <r.sander@...nlein-support.de>,
	netfilter@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Configure ICMP error source address

On 08.01.2016 16:24, prmarino1@...il.com wrote:
> Don't put a public address on a lo device use a dummy eth interface instead‎. Any IP address and it's subnet assigned to a lo device is  marked as a marcian address and the traffic is dropped if it tries to leave the lo device.

O_o

> I know that there is som old documentation out there (for example quagga's documentation) that says you can do it ‎but it's been wrong since the 2.4 version off the kernel.
> Linux treats the lo device differently that what routers call a loopback device. The dummy driver is the linux equivalent of what routers call a loopback device.

What you write seems odd to me, we don't treat lo devices differently to 
dummy devices in respect if you bind a public ip address on it.

Bye,
Hannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ