- Ampr-ripd (and amprd) accept only routes from 44.0.0.1, so that spoofing should be less probable.
- The -f and -e options rebroadcast standard RIPv2, not ampr-style RIP. They can be used to send routes to a second router using the first as a gateway. The second router needs to run a standard RIP daemon, like quagga.
- And to some earlier statements: ampr-ripd never listened to protocol 4, only to udp/520, starting with its first version.
Marius, YO2LOJ
On 2017-05-11 03:02, lleachii--- via 44Net wrote:
Rob et al.,
I'll work on making my traffic available to you if anyone's interested. As I mentioned and as we chatted, I stopped blocking individual addresses long ago. I use port scanning iptables rules, etc. I mainly have rules for open ports.
I'm more concerned about my inability to block traffic on the WAN-facing side of my tunl0 at this time.
I'm working on an experiment to see if my firewall rules are working, as it's not blocking traffic whatsoever (from what I can determine). The firewall rule/script on the Wiki developed which only allows Portal gateways - IS NO LONGER WORKING. I'm starting to prefer the ampr-ripd that listens on udp/520 (as opposed to listening to IPENCAP Protocol 4 on the WAN-facing side), from what I can see...
Procedure:
- Make tunl0 on a host on a PC on my LAN again
- only place routes to a device in my LAN setup to receive routes
- address tunl0 as 44.0.0.1
- send to default RIP router multicast address
- see if it accepts routes
WHY 44.0.0.1?!?!:
- I earlier used ampr-ripd, it doesn't seem to accept routes from another ampr-ripd device, proper (I told someone earlier this week to use the -f and -e arguments, but they are NON-FUNCTIONAL). I assume from the code I've reviewed, that ampr-ripd is somehow "locked" to 44.0.0.1.
73,
- KB3BWG
Lynwood
_________________________________________
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net