Modify

Opened 6 years ago

Closed 5 years ago

Last modified 3 years ago

#11272 closed enhancement (invalid)

integrate "rpfilter" module of iptables 1.4.13

Reported by: lsching17@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: base system Version: Trunk
Keywords: iptables rpfilter Cc:

Description

in ipv4 world, there are sysctl variables net.ipv4.conf.*.rp_filter which perform reverse path filtering to detect invalid source address.

However, this is not available to ipv6.

A "rpfilter" module is available since Linux 3.3 and iptables 1.4.13 which allow user to perform reverse path filtering in ipv4 and ipv6.

e.g.

iptables -A PREROUTING -t raw -m rpfilter --invert -j DROP
ip6tables -A PREROUTING -t raw -m rpfilter --invert -j DROP

Please provide it in package "iptables-mod-extra" or somewhere else.

Attachments (0)

Change History (4)

comment:1 Changed 6 years ago by anonymous

+1 - please update openwrt to include iptables 1.4.13, it's a core package for a router and should be up to date with the kernel!

comment:2 Changed 5 years ago by jogo

  • Resolution set to invalid
  • Status changed from new to closed

Feel free to submit a patch to the mailing list according to SubmittingPatches. I'll close this ticket to keep trac mostly for actual bugs.

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

comment:4 Changed 3 years ago by anonymous

iptables v1.4.21: Couldn't load match `rpfilter':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
ip6tables v1.4.21: Couldn't load match `rpfilter':No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.