README
This commit is contained in:
parent
e6530e2e4a
commit
543073fd2e
|
@ -0,0 +1,16 @@
|
||||||
|
# TCP/IP Stack
|
||||||
|
|
||||||
|
## Linux Firewall Configuration
|
||||||
|
|
||||||
|
Imagine a setup where the machine you are running this code has IP
|
||||||
|
192.168.1.10. This code claims 192.168.1.222 for itself. Now, pinging
|
||||||
|
192.168.1.222 from some other machine, say 192.168.1.99, will cause
|
||||||
|
the local kernel to receive the pings and then *forward them on to
|
||||||
|
192.168.1.222*, which because of the gratuitous ARP announcement, it
|
||||||
|
knows to be on its own Ethernet MAC address. This causes the ping
|
||||||
|
requests to repeat endlessly, each time with one lower TTL.
|
||||||
|
|
||||||
|
One approach to solving the problem is to prevent the kernel from
|
||||||
|
forwarding packets addressed to 192.168.1.222. To do this,
|
||||||
|
|
||||||
|
sudo iptables -I FORWARD -d 192.168.1.222 -j DROP
|
Loading…
Reference in New Issue