PLEX86  x86- Virtual Machine (VM) Program

A question about default routes. 3488



A question about default routes. 3489
The authorized person is the one who's dialing in. But a ppp link that has been set up doesn't check credentials on the packets that are going over the wire. If a company allows access...

I'm surprised they haven't heard complaints and bug reports about it.

A question about default routes. 3491
Jimmy Phillips snip snip snip If you think about what a "default route" means, then the solution is a bit...

The reason I put it that way is to get around the use of the word 'gateway'. Virtually every installation program I've seen seems to assume that if the person says that they have a gateway (but not saying where it might lead), then it must be the default that leads to the internet. Some people (who should probably know better) use a default route rather than specific network routes when they have more than one local subnet.

Understood

I'd certainly have it look to see if there is an existing default, and if so ask if that default does lead to the world. If it does, the user should be asked what network the ppp link leads to, and use that information to create a 'route add' in /etc/ppp/ip-up, and a 'route del' in /etc/ppp/ip-down. If that's the case, I'd also look at the contents of /proc/sys/net/ipv4/ip_forward to make sure forwarding is not on - that's a huge security hole in the making.

I think SuSE, or one of the desktop "helper" applications has added a 'replacedefaultroute' option which then includes 'noauth' and does some secret hand waving to replace the existing default. While it's better than nothing, it's still a security mis-feature. At a previous jobsite, we had an employee dialing in while connected to a broadband. They got cracked from the broadband, and some kiddie was using that to explore the company net, tripping alarms while trying to improve his access. Security was not at all pleased.

Old guy
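
The checks described in the post above, sketched as an added shell example that is not part of the original thread. The function names, the sample routing table and the 10.20.0.0/255.255.0.0 company network are constructed for illustration, and the script assumes the existing default route does lead to the internet.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are parameters so the
# checks can run against constructed samples as well as the live /proc files.

# Succeeds if FILE (in /proc/net/route format) already holds a default route:
# destination 00000000 with mask 00000000.
has_default_route() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Succeeds if FILE (in /proc/sys/net/ipv4/ip_forward format) is anything but 0.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" != "0" ]
}

# Prints the lines to put in /etc/ppp/ip-up and /etc/ppp/ip-down for a link
# that leads only to NET/MASK. pppd passes the interface name to both as $1.
ppp_route_plan() {
    routes=$1 fwd=$2 net=$3 mask=$4
    if forwarding_enabled "$fwd"; then
        echo "refuse: IP forwarding is on, host would route between both links"
        return 1
    fi
    if has_default_route "$routes"; then
        echo "ip-up: route add -net $net netmask $mask dev \"\$1\""
        echo "ip-down: route del -net $net netmask $mask dev \"\$1\""
    else
        echo "no existing default route found"
    fi
}

# Constructed sample data: a broadband default route via eth0, forwarding off.
sample_dir=$(mktemp -d)
cat > "$sample_dir/route" <<'EOF'
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
eth0  00000000    0101A8C0 0003  0      0   0      00000000 0   0      0
eth0  0001A8C0    00000000 0001  0      0   0      00FFFFFF 0   0      0
EOF
echo 0 > "$sample_dir/ip_forward"

# 10.20.0.0/255.255.0.0 is a constructed stand-in for the company network.
ppp_route_plan "$sample_dir/route" "$sample_dir/ip_forward" 10.20.0.0 255.255.0.0
```

On a live system the first two arguments would be /proc/net/route and /proc/sys/net/ipv4/ip_forward.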


