OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: passeri on September 22, 2024, 01:45:17 AM

Title: Source routing tunable?
Post by: passeri on September 22, 2024, 01:45:17 AM
Reading the XML file for my configuration (what else do you do on a Sunday?) I came across this:
    <item>
      <descr>
        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
        It can also be used to probe for information about your internal networks. These functions come enabled
        as part of the standard FreeBSD core system.
      </descr>
      <tunable>net.inet.ip.sourceroute</tunable>
      <value>default</value>
...
      <tunable>net.inet.ip.accept_sourceroute</tunable>
      <value>default</value>
    </item>


Checking the manual, I did not discover mention of source routing or such tunables. The description above is unclear, in that it says the tunable is on by default in FreeBSD but not what is the default value in OPNsense.

I know what source routing is, but what is the setting for it here, should I consider this an issue in a home network, and where is it set anyway (other than importing a modified configuration)?

Title: Re: Source routing tunable?
Post by: Patrick M. Hausen on September 22, 2024, 10:30:07 AM
System > Settings > Tunables

The default in FreeBSD is disabled according to the documentation:
https://man.freebsd.org/cgi/man.cgi?query=inet&sektion=4

Title: Re: Source routing tunable?
Post by: passeri on September 23, 2024, 05:30:24 AM
Thank you Patrick.
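
Added example, not part of any post in this thread: a value of `default` in the configuration file does not show what is in effect, so this sketch reads the two source-routing tunables from a config export and compares them with what the running kernel reports through `sysctl -n`. The `<sysctl><item>` layout and the sample XML are assumptions constructed from the fragment quoted in the first post; the function names are hypothetical.

```python
import subprocess
import xml.etree.ElementTree as ET

# The two tunables named in the thread.
SOURCE_ROUTE_TUNABLES = ("net.inet.ip.sourceroute", "net.inet.ip.accept_sourceroute")

# Constructed sample input; the <sysctl><item> layout is assumed from the quoted fragment.
SAMPLE_CONFIG = """<opnsense><sysctl>
  <item><descr>Source routing</descr>
    <tunable>net.inet.ip.sourceroute</tunable><value>default</value></item>
  <item><descr>Source routing</descr>
    <tunable>net.inet.ip.accept_sourceroute</tunable><value>1</value></item>
  <item><descr>Unrelated entry</descr>
    <tunable>kern.ipc.maxsockbuf</tunable><value>default</value></item>
</sysctl></opnsense>"""

def configured_tunables(config_xml):
    """Map tunable name -> configured value for every <item> that names a tunable."""
    found = {}
    for item in ET.fromstring(config_xml).iter("item"):
        name = item.findtext("tunable")
        if name:
            found[name.strip()] = (item.findtext("value") or "").strip()
    return found

def live_value(name):
    """Ask the running kernel; None when sysctl or the OID is unavailable."""
    try:
        out = subprocess.run(["sysctl", "-n", name],
                             capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.SubprocessError):
        return None
    return out.stdout.strip() if out.returncode == 0 else None

def audit(config_xml, lookup=live_value):
    """Return (tunable, configured, live, verdict) for each source-routing tunable."""
    configured = configured_tunables(config_xml)
    rows = []
    for name in SOURCE_ROUTE_TUNABLES:
        live = lookup(name)
        if live is None:
            verdict = "unknown"      # could not read the kernel value
        elif live == "0":
            verdict = "disabled"     # 0 = source-routed packets not handled
        else:
            verdict = "ENABLED"
        rows.append((name, configured.get(name, "absent"), live, verdict))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(*row, sep="\t")
```

Run on the firewall itself, the verdict column reflects the live kernel state; on any other machine the lookup returns nothing and the verdict is `unknown`.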