Great Circle Associates Firewalls
(March 1994)
 


Subject: Re: IP_FORWARDING
From: Mark Verber <verber @ parc . xerox . com>
Date: Fri, 4 Mar 1994 17:11:19 PST
To: verber @ parc . xerox . com, jpf @ mig . com
Cc: firewalls @ greatcircle . com

> >
> >The file that ip_forwarding is declared in is /sys/netinet/ip_proto.c.
> >Note: unless 4.1.3.U1 has changed from 4.1.3, turning off ip forwarding
> >*does not* turn off source routing.  If you have full sources you need
> >to modify /sys/netinet/ip_input.c or get a patch from Sun to disable
> >source routes.  The default Sun configuration makes it trivial for someone
> >who has a modern telnet (like BSD 4.4 or NeXT's) to telnet through your
> >firewall and into your internal network.
> >
> 
> Excuse me, please correct me if I am wrong.  However, since this is
> a BSD derived system, I think you might prefer to set 
> 
> options	IPFORWARDING
> 
> in your kernel config file rather than mucking about in
> /sys/netinet/ip_proto.c.  This sets a manifest constant which
> should do much more.

Yes, setting IPFORWARDING properly in options or changing ip_forwarding
with adb works just as well as editing ip_proto.c.  Once again, my primary
warning is that source routing happens whether you have IP forwarding on
or off.

--mark


