This list is just great!
Here was my question:
I am compiling the tcp wrappers and It says in the readme:
When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
programs refuse to service TCP connections with IP source routing
options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
that can stop source-routed traffic in the kernel. Examples are
4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
for details.
However I cannot find any doccumentation on how to do this
with solaris 2 (2.5) Can any body point me to a source or tell
me where I can find this info. Thanks. A summary will follow.
Thanks to:
"Clarkson, Michael" <clarkson@amgen.com>
Peter Gersbach <Peter.Gersbach@p3sys.ch>
David Worthington <dave@chadwyck.co.uk>
The answer is ndd as Peter Gersbach <Peter.Gersbach@p3sys.ch> said it most consisely:
From: Peter Gersbach <Peter.Gersbach@p3sys.ch>
Hello Robert
Robert Bannocks wrote:
>
> I am compiling the tcp wrappers and It says in the readme:
>
>
> When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
> programs refuse to service TCP connections with IP source routing
> options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
> that can stop source-routed traffic in the kernel. Examples are
> 4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
> for details.
>
> However I cannot find any doccumentation on how to do this
> with solaris 2 (2.5) Can any body point me to a source or tell
> me where I can find this info. Thanks. A summary will follow.
Use the command `ndd'
% ndd -set /dev/ip ip_forward_src_routed 0
The value of an ip parameter:
% ndd /dev/ip ip_forward_src_routed
You can see all ip driver parameters with
% ndd /dev/ip \? # \ for cshells
See manual ndd
Peter
-- Peter Gersbach P3 Systemhaus AG; Zuerichstr. 175; CH-8607 Aathal; Switzerland Phone: +41 1 972 12 65; Direct: +41 1 972 12 67; Fax: +41 1 972 12 62 E-Mail: gersbach@p3sys.ch; URL: http://www.p3sys.chMichael and David also said much the same. Pitty sun don't doccument this, thanks to you all
From: "Clarkson, Michael" <clarkson@amgen.com> To: 'Robert Bannocks' <R.Bannocks@kingston.ac.uk> Subject: RE: stopping source routing
Hi
In Solaris used ndd to modify the kernel settings. Use ndd /dev/ip ip_forward_src_routed (0 or 1) to enable or disable dropping source routed frames.
Michael Clarkson Unix Systems Admin AMGEN Ltd Cambridge,UK
From: David Worthington <dave@chadwyck.co.uk> Subject: Re: stopping source routing
Robert,
In a recent posting to sun-managers, you asked:
> However I cannot find any doccumentation on how to do this [disable source > routing] with solaris 2 (2.5) Can any body point me to a source or tell > me where I can find this info. Thanks. A summary will follow.
You need to put the following in /etc/init.d/inetinit:
ndd -set /dev/ip ip_forward_src_routed 0
and reboot your machine. Source routing will then be disabled.
Regards
Dave Worthington
-----Multi-Part-Message-Level-1-1-6640--
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:51 CDT