Bifrost is an operating system modified, minimal and optimized Linux distribution, with the kernel configured for firewalling and routing. The filter which controls the firewall security policy, is part of the kernel code and can be configured via ipfwadm, ipchains or iptables. The Bifrost Network Project aims to find stability, performance, filter capabilities, administration, computer security, scalability and development possibilities of a Linux based streamlined router/firewall system. The hardware is basically a standard PC with two or more network interfaces or fiber ports (using preferably the Intel Tulip chip or an e1000 Gigabit card) and a flash disk.
Reverse proxy Filtering seems to be enabled by default on this OS. Even after disabling (setting value to 0) this in the rp_filter file, a system reboot enables it back.
To disable reverse proxy filtering even at start-up, a script must be placed in the /etc/rc.d/rc.inet.local file to automatically set the value in rp_filter to 0 for all interfaces. To do this, follow the steps below:
remount disk in writeable mode
remount w
Edit the /etc/rc.d/rc.inet.local file and add the run script
#This script disables Reverse Proxy Filter during startupfor a in /proc/sys/net/ipv4/conf/*/rp_filter;doecho 0 > $adoneTo take effect, restart inet
/etc/rc.d/rc.inet.local
No comments:
Post a Comment