19 May 2013, 9:01 p.m.
Minor nitpicking, I know..

On 20 May 2013 01:23, Ben wrote:
With Linux you have to disable reverse path filtering, screw around with iptables to do bypass on stateful filtering.
You don't have to "screw around" with iptables. The kernel won't load the conntrack modules/code unless you actually try to load stateful rulesets*. rp filtering on by default, I'd also argue, is the better default setting, for the 99% of other use cases :-P

With quagga I would tend to agree - but like you, I have not used it in ages, and things do change for the better over time -- occasionally.

* you CAN configure your kernel to always load it, but that is silly.
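
A way to check both points from the exchange above on a given host, as an added example that is not part of the original thread: it reports the effective reverse path filter mode per interface and whether the conntrack module is loaded. The function names are hypothetical and the sample tree is constructed; on a live Linux system the inputs would be /proc/sys/net/ipv4/conf and /proc/modules.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# effective_rp_filter CONF_DIR IFACE
# The kernel validates sources using the higher of conf/all and conf/IFACE,
# so setting only the interface value to 0 does not disable filtering
# while conf/all is still 1.
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$1/$2/rp_filter" 2>/dev/null) || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# rp_report CONF_DIR: one line per interface, "name value mode".
rp_report() {
    for dir in "$1"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        mode=$(effective_rp_filter "$1" "$iface") || continue
        case $mode in
            0) label=off ;;
            1) label=strict ;;
            2) label=loose ;;
            *) label=unknown ;;
        esac
        echo "$iface $mode $label"
    done
}

# conntrack_loaded MODULES_FILE: succeeds if nf_conntrack is listed.
# A kernel with conntrack built in does not list it as a module.
conntrack_loaded() {
    grep -q '^nf_conntrack ' "$1"
}

# make_sample: constructed stand-in for the /proc files, for offline runs.
make_sample() {
    d=$(mktemp -d)
    for i in all default eth0 eth1 tun0; do mkdir -p "$d/conf/$i"; done
    echo 1 > "$d/conf/all/rp_filter"
    echo 1 > "$d/conf/default/rp_filter"
    echo 0 > "$d/conf/eth0/rp_filter"   # overridden by all=1
    echo 2 > "$d/conf/eth1/rp_filter"
    echo 1 > "$d/conf/tun0/rp_filter"
    printf 'nf_tables 1 0 - Live 0x0\n' > "$d/modules"   # no conntrack yet
    echo "$d"
}
```

On a live host, `rp_report /proc/sys/net/ipv4/conf` and `conntrack_loaded /proc/modules` give the current state before and after loading a stateful ruleset.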