Source routing tunable?

Started by passeri, September 22, 2024, 01:45:17 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 22, 2024, 01:45:17 AM
Reading the XML file for my configuration (what else do you do on a Sunday?) I came across this:
Code Select
<item>
      <descr>
        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
        It can also be used to probe for information about your internal networks. These functions come enabled
        as part of the standard FreeBSD core system.
      </descr>
      <tunable>net.inet.ip.sourceroute</tunable>
      <value>default</value>
...
      <tunable>net.inet.ip.accept_sourceroute</tunable>
      <value>default</value>
    </item>

Checking the manual, I did not discover mention of source routing or such tunables. The description above is unclear, in that it says the tunable is on by default in FreeBSD but not what is the default value in OPNsense.

I know what source routing is, but what is the setting for it here, should I consider this an issue in a home network, and where is it set anyway (other than importing a modified configuration)?
Deciso DEC697
+crowdsec +wireguard
September 22, 2024, 10:30:07 AM #1
System > Settings > Tunables

The default in FreeBSD is disabled according to the documentation:
https://man.freebsd.org/cgi/man.cgi?query=inet&sektion=4
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 23, 2024, 05:30:24 AM #2
Thank you Patrick.
Deciso DEC697
+crowdsec +wireguard
Print
Go Up Pages1
User actions