On Wednesday, 15 March 2023 12:55:55 CET, Henning Follmann wrote:
> This is indeed not right.
> Please try to ping any other host on the 192.168.1.0/24 network from
> 192.168.0.0/24 network. This might be just the case that the host with the
> two interfaces replies on any interface independent of the network.

Pinging other hosts on that network does not work - forwarding is disabled, which is the default.

My point is that when I have a server which has a management interface on a VLAN, for example, and some client sets its default route to that server and tries to access the management address, it will get there if no input interface is set on the firewall. The management is not the problem, since it is usually accessible only through one interface on one specific address, but when I want to enable ICMP, for example, on multiple interfaces from multiple networks, it gets kind of exhausting.

I was wondering if it is possible to prevent this behavior through modification of the kernel network stack, but found nothing other than rp_filter, which checks the source address of packets but not the destination one.

Best regards,
ks
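
Added example, not part of the original message: a small Python model of the three checks discussed in this thread (strict rp_filter on the source, the default "any local address" acceptance, and a per-interface destination check), applied to a constructed two-interface host. The interface names `eth0`/`eth1` and the host and client addresses are assumptions; only the two /24 networks come from the thread.

```python
import ipaddress

# Constructed host: one interface on each network named in the thread.
# Interface names and host addresses are assumptions for illustration.
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.0.1/24"),
    "eth1": ipaddress.ip_interface("192.168.1.1/24"),
}

def rp_filter_strict(src, in_iface):
    """Strict reverse-path check: the route back to src must use in_iface."""
    src = ipaddress.ip_address(src)
    for name, iface in INTERFACES.items():
        if src in iface.network:
            return name == in_iface
    return False  # no route back (this model has no default route)

def weak_host_accepts(dst):
    """Default IPv4 behaviour: dst may be an address of any local interface."""
    dst = ipaddress.ip_address(dst)
    return any(dst == iface.ip for iface in INTERFACES.values())

def strong_host_accepts(dst, in_iface):
    """Destination check: dst must be configured on the receiving interface.
    (Broadcast and multicast destinations are left out of this model.)"""
    return ipaddress.ip_address(dst) == INTERFACES[in_iface].ip

def verdict(src, dst, in_iface):
    """Result of each check for one incoming packet."""
    return {
        "rp_filter": rp_filter_strict(src, in_iface),
        "weak_host": weak_host_accepts(dst),
        "strong_host": strong_host_accepts(dst, in_iface),
    }

if __name__ == "__main__":
    # Client on 192.168.0.0/24 addressing the eth1 address via eth0:
    # the source is legitimate, so only the destination check rejects it.
    print(verdict("192.168.0.50", "192.168.1.1", "eth0"))
    # Same client addressing the address that belongs to eth0.
    print(verdict("192.168.0.50", "192.168.0.1", "eth0"))
    # Source from the other network arriving on eth0: rp_filter rejects it.
    print(verdict("192.168.1.50", "192.168.1.1", "eth0"))
```

The first case is the one described in the message: the source passes the reverse-path check, so only a rule that ties the destination address to the input interface drops the packet.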