
This is how Linux still works by default, right? Behaviour that is quite surprising, at least it was to me when I discovered that it, in conjunction with many tools (e.g., Docker) conveniently enabling IP forwarding on all interfaces, unwittingly transforms multi-homed hosts into routers...


I don't think this is correct; it should be disabled by default (net.ipv4.ip_forward=0). At least it is in the major distros I'm familiar with. What distro are you using?


Distros disable it by default but it gets silently enabled when you install things like Docker (and maybe libvirt) and so on.

At least Docker (as it was pointed out by a sibling reply to my comment) also sets the FORWARD chain policy to DROP.


I believe Docker stopped doing that a couple of years back. Or it sets the default on the forward chain to drop.


You're right, something is setting the FORWARD chain policy to DROP and I guess it's docker.
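An added example, not part of the thread: a small audit script for the two settings discussed above, `net.ipv4.ip_forward` and the policy of the iptables `FORWARD` chain. The function names, the `--live` switch and the sample ruleset are assumptions made for this example, and the interface count is only a rough stand-in for "multi-homed" because it also counts virtual bridges.

```sh
#!/bin/sh
# Audit whether this host will route packets between its interfaces.
# Added example: function names and the sample ruleset are hypothetical.

# Read `iptables -S FORWARD` style output on stdin, print the chain policy.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; found = 1; exit }
         END { if (!found) print "UNKNOWN" }'
}

# assess <ip_forward value> <FORWARD policy> <non-loopback interface count>
# Returns 1 only for the risky combination: forwarding on, policy not DROP,
# and more than one interface to route between.
assess() {
    if [ "$1" != "1" ]; then
        echo "OK: ip_forward is off"; return 0
    fi
    if [ "$2" = "DROP" ]; then
        # Rules inside the chain can still accept traffic; review them too.
        echo "OK: ip_forward is on, FORWARD policy is DROP"; return 0
    fi
    if [ "$3" -ge 2 ]; then
        echo "WARN: ip_forward is on, FORWARD policy is $2, $3 interfaces"
        return 1
    fi
    echo "NOTE: ip_forward is on, FORWARD policy is $2, single interface"
    return 0
}

# Collect the live values (needs root for iptables). On hosts that use
# nftables without the iptables compatibility layer the policy is UNKNOWN.
audit_live() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward)
    policy=$(iptables -S FORWARD 2>/dev/null | forward_policy)
    ifaces=$(ls /sys/class/net | grep -vc '^lo$')
    assess "$fwd" "$policy" "$ifaces"
}

# Constructed sample: what `iptables -S FORWARD` might print on a host
# where the chain policy has been set to DROP.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -j DOCKER-USER'

if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it with `--live` as root to check the current host; a `WARN` line means forwarding is on and nothing in the chain policy stops the host from acting as a router.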



