# TCP/IP Stack

## Linux Firewall Configuration

Imagine a setup where the machine you are running this code on has IP
192.168.1.10. This code claims 192.168.1.222 for itself. Now, pinging
192.168.1.222 from some other machine, say 192.168.1.99, will cause
the local kernel to receive the pings and then *forward them on to
192.168.1.222*, which, because of the gratuitous ARP announcement, it
knows to be at its own Ethernet MAC address. This causes the ping
requests to repeat endlessly, each time with a TTL one lower.

One approach to solving the problem is to prevent the kernel from
forwarding packets addressed to 192.168.1.222. To do this, run:

    sudo iptables -I FORWARD -d 192.168.1.222 -j DROP
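
To confirm the loop before adding the rule, and its absence afterwards, the following added example (not part of the original page) scans the text output of `tcpdump -n -v icmp` for echo requests that reappear with a TTL one lower each time. The capture text is constructed for illustration, and the name `find_forwarding_loops` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -v icmp` output (not a real capture):
# one echo request to the claimed address shows up again with TTL 63 and 62.
SAMPLE = """\
12:00:00.000100 IP (tos 0x0, ttl 64, id 4711, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.99 > 192.168.1.222: ICMP echo request, id 7, seq 1, length 64
12:00:00.000150 IP (tos 0x0, ttl 63, id 4711, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.99 > 192.168.1.222: ICMP echo request, id 7, seq 1, length 64
12:00:00.000190 IP (tos 0x0, ttl 62, id 4711, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.99 > 192.168.1.222: ICMP echo request, id 7, seq 1, length 64
12:00:01.000100 IP (tos 0x0, ttl 64, id 4712, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.99 > 192.168.1.10: ICMP echo request, id 7, seq 2, length 64
"""

HEADER = re.compile(r"IP \(.*?\bttl (\d+),")
ECHO = re.compile(r"^\s+(\S+) > (\S+): ICMP echo request, id (\d+), seq (\d+)")

def find_forwarding_loops(capture, min_repeats=3):
    """Return {(src, dst, icmp_id, seq): [ttls]} for echo requests that were
    seen at least min_repeats times with the TTL dropping by one each time."""
    seen = defaultdict(list)
    ttl = None
    for line in capture.splitlines():
        header = HEADER.search(line)
        if header:
            ttl = int(header.group(1))  # TTL applies to the next detail line
            continue
        echo = ECHO.match(line)
        if echo and ttl is not None:
            src, dst, icmp_id, seq = echo.groups()
            seen[(src, dst, int(icmp_id), int(seq))].append(ttl)
        ttl = None
    loops = {}
    for key, ttls in seen.items():
        steps = [a - b for a, b in zip(ttls, ttls[1:])]
        if len(ttls) >= min_repeats and all(step == 1 for step in steps):
            loops[key] = ttls
    return loops

if __name__ == "__main__":
    for (src, dst, icmp_id, seq), ttls in find_forwarding_loops(SAMPLE).items():
        print(f"loop: {src} -> {dst} id={icmp_id} seq={seq} ttls={ttls}")
```

With the `FORWARD` rule in place, the same request should appear only once in a fresh capture, so the function returns an empty result.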