From owner-freebsd-hackers Wed Mar 12 6:38: 1 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9F8837B401 for ; Wed, 12 Mar 2003 06:38:00 -0800 (PST) Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by mx1.FreeBSD.org (Postfix) with SMTP id 2A62B43FDD for ; Wed, 12 Mar 2003 06:37:59 -0800 (PST) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 12 Mar 2003 14:37:55 +0000 (GMT) Date: Wed, 12 Mar 2003 14:37:54 +0000 From: David Malone To: Sean Hamilton Cc: hackers@freebsd.org Subject: Re: IP addresses of bridge interfaces Message-ID: <20030312143754.GA54896@walton.maths.tcd.ie> References: <000601c2e813$9d849650$d1d7e8d8@slugabed.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000601c2e813$9d849650$d1d7e8d8@slugabed.org> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Mar 11, 2003 at 01:17:25PM -0800, Sean Hamilton wrote: > I recently upgraded a FreeBSD 4.6.2 bridge to 5.0, and am having troubles > with how it handles IP addresses. This problem is due to a rather contraversial change, where packets are only accepted to addressed to the interface they are recieved on if: net.inet.ip.check_interface=1 This was left off in -stable, but was turned on by default in -current 'cos some people felt it was a security hole. There was a rather long thread about it when it was committed, and it was discussed on bugtraq at some length. If you need to disable it, you should be able to do: net.inet.ip.check_interface=0 in /etc/sysctl.conf. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message