On Fri, Jun 27, 2014 at 7:58 PM, Lennart Poettering <[email protected]> wrote: > On Thu, 26.06.14 12:49, Eugene Yakubovich ([email protected]) wrote: > >> >> On Thu, Jun 26, 2014 at 11:17 AM, Lennart Poettering >> <[email protected]> wrote: >> >> > I am tempted to say that we should try to apply as much information from >> > DHCP as we can by default, but make sure it doesn't become a security >> > problem. i.e. we should probably use metrics or so so that manual routes >> > always win, or routes to other interfaces. >> >> I think using metrics is a good idea. Are there some accepted >> guidelines on what reasonable >> values for route metrics should be? Static routes (from [Route]) are >> added with 0, what would >> a good value for DHCP routes be? 100? 1000? > > Hmm, something in the middle of the range, I figure, that is still nice > to type and look at for whatever that is. pick something... Also I > figure the default route added due to dhcp config should also use this > same metric. > > But I figure Tom might have to say something about this?
I pushed out v2 of this patch. Bumping the metric makes sense and should avoid the most obvious security issue. I also pushed a patch to use the same metric for the other DHCP routes. Cheers, Tom _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
