5109f486099d50abd5ef4ae0da03eb16c189dd9c
howto/networksettings.md
| ... | ... | @@ -7,7 +7,9 @@ The third rule of dn42: Allow ip forwarding! |
| 7 | 7 | No serious, in case some packets are dropped check first if your settings are correct. |
| 8 | 8 | |
| 9 | 9 | `rp_filter` also known as reverse path filtering is a security measure. |
| 10 | -When the route to return a packet uses a different interface than it arrived from, the packet is dropped. However dn42 routes can be asymmetric. Which means, packets can take different routes on the return path. |
|
| 10 | +When the route to return a packet uses a different interface than it arrived from, the packet is dropped. |
|
| 11 | +Some attackers will set a wrong return address on their packets. This security measure was created to address when this happens. |
|
| 12 | +However dn42 routes can be asymmetric. Which means, packets can take different routes on the return path. |
|
| 11 | 13 | That is why `rp_filter` needs to be disabled. |
| 12 | 14 | |
| 13 | 15 | **Note** using sysctl is not persistent. Depending on your linux distribution put it into `/etc/sysctl.conf` or `/etc/sysctl.d` |