On 2019-12-10, Bastian Kanbach <[email protected]> wrote: > Good evening all, > > following up on the previous discussions, I noticed that the network > stack changed recently [1] (limited to cases when packet forwarding is > enabled). > > What's the idea behind it, as it seemed to be unlikely that this default > would be changed at all?
It helps with https://www.openwall.com/lists/oss-security/2019/12/05/1 for simpler cases. For more complex cases where forwarding is also used, restrictions can be made with PF (urpf-failed; this was possible before, too).
