20 Apr
2017
20 Apr
'17
10:42 p.m.
First let me thank all that responded to my quest for some iptables ideas for getting rid
of encaped non-ampr source packets. Most of it I understood and some I did not. In any
event, I learned quite a bit along the way.
For me, most all of the bad stuff is coming in via the spoofed ampr gateway address of
169.228.66.251 . The only thing I use the gateway for is the rip broadcasts. Linwood is
right — the obvious solution is to simply use the emailed routing tables from the portal
and not use rip at all. Then simply block everything coming from 169.228.66.251 - easy
peasy. Several of my jnos forwarding partners have been doing this for years. Not as
convenient, but it will do the job - they get a daily updated table via email and
automatically install it and then source it.
I think this is the route I will take for now while keeping on playing with iptables.
jerome
ve7ass
Vancouver
On Apr 20, 2017, at 18:11, lleachii--- via 44Net
<44net(a)hamradio.ucsd.edu> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Correction...he can't get routes from AMPRGW...without someone else bootstrapping
him.
- Lynwood
On 04/20/2017 09:05 PM, lleachii(a)aol.com wrote:
(but then he can't use the Internet on his
AMPRLAN then). Just my $0.02...
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net