I would replace DROP by REJECT. DROP means the system will wait till the packet times out.
For outgoing connections this may cause issues as the daemon that sends the unreachable
will also wait till the packet times out before continuing.
Ruben - ON3RVH
On 16 Apr 2019, at 17:17, Marius Petrescu <marius(a)yo2loj.ro> wrote:
Hello,
To all amprd users (this does not affect setups using the kernel tunnel driver and
ampr-ripd).
Due to changes in the 4.x kernels, there's a problem with the system replying with
"icmp unreachable" to incoming IPIP traffic.
This will possibly drop incoming traffic, including the RIP broadcasts (resulting in
incomplete route tables).
Please switch to an ampr-ripd setup or filter outgoing icmp messages on your WAN
interface, using a rule like the one below:
iptables -A OUTPUT -o ethX -p icmp --icmp-type destination-unreachable -m state --state RELATED -j DROP
I hope I can find a workaround for this issue.
Marius, YO2LOJ