Monday, March 9, 2009

System Network Parameter Tuning (Part 3)

net.ipv4.conf.all.rp_filter=1

Arriving packets get a simple check: is the packet arriving on the correct interface for its source address? In other words, would a response to this packet go back out the same interface? This simple routing table check can quickly handle some attempts at spoofing source addresses. The only reason this might need to be left off is if your network uses asymmetric routing. One example might be a satellite link where incoming packets arrive on an Ethernet interface, but outgoing packets go out through a modem.
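The check described above, modelled as an added Python example (not code from the original post, and a simplification of the kernel's route lookup). The routing table, interface names and addresses are constructed for illustration; `eth1` stands in for the satellite downlink and `ppp0` for the modem.

```python
import ipaddress

# Constructed routing table: (destination prefix, outgoing interface).
ROUTES = [
    ("192.168.1.0/24", "eth0"),  # internal LAN
    ("0.0.0.0/0", "ppp0"),       # default route: replies leave via the modem
]

def lookup_interface(addr, routes):
    """Longest-prefix match: the interface a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rp_filter_accepts(src, in_iface, routes):
    """Strict reverse-path check (rp_filter=1): accept the packet only if a
    reply to its source address would go out the interface it arrived on."""
    return lookup_interface(src, routes) == in_iface

# Constructed arriving packets: (source address, arrival interface, note).
PACKETS = [
    ("192.168.1.50", "eth0", "LAN host on the LAN interface"),
    ("192.168.1.50", "ppp0", "LAN source address arriving from outside"),
    ("203.0.113.9", "ppp0", "Internet host arriving via the modem"),
    ("203.0.113.9", "eth1", "Internet host arriving via satellite downlink"),
]

if __name__ == "__main__":
    for src, iface, note in PACKETS:
        verdict = "accept" if rp_filter_accepts(src, iface, ROUTES) else "drop"
        print(f"{verdict:6} src={src:13} in={iface:5} {note}")
```

The last packet is the asymmetric-routing case: it is legitimate traffic, but strict filtering drops it because the reply path is `ppp0`, not `eth1`.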
