Disabling ARP on the VM interface altogether. We have the static entries from the unnumbered system; this reduces the attack surface and, potentially, DoS on the hypervisor.

toby 2019-03-09 12:05:45 -08:00
parent 51d76bc101
commit f44ff9304e
1 changed files with 1 additions and 1 deletions


@ -41,7 +41,7 @@ gwmac() {
ip link set ${IFACE} address $(gwmac $PUBLICMAC) up
arp -i ${IFACE} -s 169.254.0.1 ${PUBLICMAC}
sysctl -w net.ipv4.conf.${IFACE/./\/}.arp_ignore=8
IFS=',' read -ra IPS <<< "$IP"
for IP in "${IPS[@]}"; do