Rob et al.,
I'll work on making my traffic available to you if anyone's interested. As I mentioned and as we chatted, I stopped blocking individual addresses long ago. I use port scanning iptables rules, etc. I mainly have rules for open ports.
I'm more concerned about my inability to block traffic on the WAN-facing side of my tunl0 at this time.
I'm working on an experiment to see if my firewall rules are working, as it's not blocking traffic whatsoever (from what I can determine). The firewall rule/script developed on the Wiki, which only allows Portal gateways, IS NO LONGER WORKING. I'm starting to prefer the ampr-ripd that listens on udp/520 (as opposed to listening to IPENCAP Protocol 4 on the WAN-facing side), from what I can see...
Procedure:
- Make tunl0 on a host on a PC on my LAN again
- only place routes to a device in my LAN setup to receive routes
- address tunl0 as 44.0.0.1
- send to default RIP router multicast address
- see if it accepts routes
WHY 44.0.0.1?!?!:
- I earlier used ampr-ripd; it doesn't seem to accept routes from another ampr-ripd device, proper (I told someone earlier this week to use the -f and -e arguments, but they are NON-FUNCTIONAL). I assume, from the code I've reviewed, that ampr-ripd is somehow "locked" to 44.0.0.1.
73,
- KB3BWG Lynwood