On Sat, 5 May 2001, David S. Miller wrote:
> > It adds the ability to run multiple interfaces on the same subnet,
> > on the same machine, and have the ARPs for each interface be answered
> > based on whether or not the kernel would route a packet from the ARP'd
> > IP out that interface. When used with source-based routing, this
> > makes things work in an intuitive manner.
>
> How difficult is it to compose netfilter rules that do this?
I want this feature precisely /because/ it interferes with
packet filtering.
I sleep better knowing that my packet filters are bound to
specific interfaces (with default DENY everywhere). I like
to know that I can ssh in via the second card on my DB
servers, without worrying about them accepting other traffic
(or performance-vital traffic going over a cheap backup
card).
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon May 07 2001 - 21:00:25 EST