[Swan] rp_filter security implications
Paul Wouters
paul at nohats.ca
Thu Mar 5 17:55:07 EET 2015
On Thu, 5 Mar 2015, John Crisp wrote:
> I have been asked about the security implications of disabling
> rp_filtering on a server to run libreswan.
>
> Can someone give some advice on this please ?
rp_filter is basically an implementation of RFC-3704
https://tools.ietf.org/html/rfc3704
So check out the introducion of that document.
The easy answer is, "If you implement BCP38 on your routers, then the
impact is limited to the IPsec host itself".
If they did not implement BCP38, then this one little host is probably
not going to make much difference.
You can try and enable it on some of the interfaces.
Paul
More information about the Swan
mailing list