Hello!
> > We do not have any flag, which blocks forwarding of packets
> > received on some interface. This is duty of firewall.
>
> I think the problem is that "being a router" or "being a host" should be
> per-interface, which means the global devconf6 forwarding flag should go
> away.
Let me to repeat: we do not have any flag which blocks forwarding
per interface. :-) Killing global flag would mean that we do not have
any way to disable forwarding at all.
So, as soon as you forward at least on one interface, global
flag must be ON. And packet filtering must be made with firewall.
> join
> the all-routers multicast group, etc. etc.
WHAT? Kernel does not use this multicast group, hence it has
no reasons to join it.
If some module will start to use this group, it will join it.
> you claim to be a router, you should try to route packets you receive on
> that
Particualrly, dropping all of them. :-)
> packets if you have any way to get there. Dropping them is the special
> case.
Exactly. Which exactly matches to the statement that all the functions
are controlled by separate flags. :-)
Alexey
|