11

I want to enable reverse path filtering to prevent source IP spoofing on my server. I noticed that I currently have the following settings:

```
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.p4p1.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
```

The setting in `all` and the one in `default` are not the same. There are no explicit settings in my `/etc/sysctl.conf` file. I would like to know what the impact on the rest of the configuration is between setting

```
net.ipv4.conf.all.rp_filter = 1
```

and

```
net.ipv4.conf.default.rp_filter = 1
```

Do I have to set both or just one of them?

Question Overflow

1 Answer

4

According to this post titled: all vs. default in /proc/sys/net/ipv4/conf [message #3139]:

When you change variables in the /proc/sys/net/ipv4/conf/all directory, the variable for all interfaces and default will be changed as well. When you change variables in /proc/sys/net/ipv4/conf/default, all future interfaces will have the value you specify. This should only affect machines that can add interfaces at run time, such as laptops with PCMCIA cards, or machines that create new interfaces via VPNs or PPP, for example.

slm
  • 2
    Yes, I saw that post too while Googling. But in practice, when I tried running `sysctl -w net.ipv4.conf.all.rp_filter=1`, nothing changes except the all option, ditto for the default. – Question Overflow May 18 '14 at 05:48
  • This is not exactly true. See duplicated question. – Totor Oct 26 '16 at 00:24
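
An added example, not part of the original question or answer: the kernel's ip-sysctl documentation states that the value used for source validation on an interface is the maximum of `conf/all/rp_filter` and `conf/<interface>/rp_filter`, while `conf/default` is only copied into interfaces created later. The script below computes that effective value per interface; the function names are hypothetical, and the sample tree is constructed from the values shown in the question.

```shell
#!/bin/sh
# Added example. Rule from the kernel's ip-sysctl documentation: the value used
# for source validation on an interface is max(conf/all, conf/<iface>).
# conf/default is only copied into interfaces that are created later.

# effective_rp_filter CONF_DIR IFACE -> prints 0 (off), 1 (strict) or 2 (loose)
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter")
    own=$(cat "$1/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_report CONF_DIR -> one "iface own=N effective=N" line per real interface
rp_report() {
    for d in "$1"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        printf '%s own=%s effective=%s\n' "$iface" \
            "$(cat "$d/rp_filter")" "$(effective_rp_filter "$1" "$iface")"
    done
}

# make_sample DIR: constructed tree holding the values from the question
make_sample() {
    for kv in all=0 default=1 lo=0 p4p1=1 eth0=1; do
        mkdir -p "$1/${kv%%=*}"
        echo "${kv#*=}" > "$1/${kv%%=*}/rp_filter"
    done
}

sample=$(mktemp -d)
make_sample "$sample"
echo "values from the question:"
rp_report "$sample"
# Only the 'all' file changes; per-interface files keep their own values,
# but the effective value on every interface rises to at least 1.
echo 1 > "$sample/all/rp_filter"
echo "after all.rp_filter=1:"
rp_report "$sample"
rm -rf "$sample"
# On a live host: rp_report /proc/sys/net/ipv4/conf
```
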