Rob et al.,
I'll work on making my traffic available to you if anyone's interested.
As I mentioned and as we chatted, I stopped blocking individual
addresses long ago. I use port scanning iptables rules, etc. I mainly
have rules for open ports.
I'm more concerned about my inability to block traffic on the WAN-facing
side of my tunl0 at this time.
I'm working on an experiment to see if my firewall rules are working, as
it's not blocking traffic whatsoever (from what I can determine). The
firewall rule/script on the Wiki developed which only allows Portal
gateways - IS NO LONGER WORKING. I'm starting to prefer the ampr-ripd
that listens on udp/520 (as opposed to listening to IPENCAP Protocol 4
on the WAN-facing side), from what I can see...
Procedure:
- Make tunl0 on a host on a PC on my LAN again
- only place routes to a device in my LAN setup to receive routes
- address tunl0 as 44.0.0.1
- send to default RIP router multicast address
- see if it accepts routes
WHY 44.0.0.1?!?!:
- I earlier used ampr-ripd, it doesn't seem to accept routes from
another ampr-ripd device, proper (I told someone earlier this week to
use the -f and -e arguments, but they are NON-FUNCTIONAL). I assume from
the code I've reviewed, that ampr-ripd is somehow "locked" to 44.0.0.1.
73,
- KB3BWG
Lynwood