For proper operation it suffices to run the daemon in.routed. It will advertise the router to all other machines on the net.
But this doesn't disable routing. Other hosts with a default route, or abusive people, can still penetrate the router.
But there is help: the kernel has a variable that blocks routing. It can be set in the kernel configuration and even modified during operation.

    # turn off ipforwarding
    options "IPFORWARDING=-1"

A suitable position would be right behind the other options and before the comments to the "config vmunix" line.
During operation one can use adb:

    # adb -w -k /vmunix /dev/mem
    _ip_forwarding/W-1
    _ip_forwarding?W-1
    $q

The line with "/" modifies the kernel on disk while the line with "?" modifies the kernel in memory.
And how is it reenabled?

    # adb -w -k /vmunix /dev/mem
    _ip_forwarding/W0
    _ip_forwarding?W0
    $q

    # mv /sys/`arch -k`/OBJ/ip_input.o /sys/`arch -k`/OBJ/ip_input.o.FCS
    # mv /sys/netinet/in_proto.c /sys/netinet/in_proto.c.FCS
    # cp ./in_proto.c /sys/netinet/in_proto.c
    # cp ./ip_input.c /sys/netinet/ip_input.c

Now a new kernel has to be compiled. But first, the following options should be set in the kernel config file:

    # turn off ipforwarding
    options "IPFORWARDING=-1"
    # drop source routed packets
    options "IPBLOCKSOURCEROUTE=1"

Time to build the new kernel:

    # KERNELNAME=`head -1 /etc/motd | sed -e "s/.*(//" -e "s/).*//"`
    # cd /sys/`arch -k`/conf
    # config $KERNELNAME
    # cd ../$KERNELNAME
    # make
    # mv /vmunix /vmunix.old
    # mv vmunix /vmunix
    # reboot

Sure, one can reenable this option during operation:

    # adb -w -k /vmunix /dev/mem
    _ip_block_source_routed/W0
    _ip_block_source_routed?W0
    $q

With W1 instead of W0, source routing is disabled again.
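
Before running config and make as described above, the kernel config file can be checked for both options, so that a commented-out or wrong value is caught before the rebuild and reboot. This is an added example, not part of the original page; the function names are hypothetical, the sample config is constructed, and it assumes a POSIX sh and awk plus the comma-separated multi-option form of the options line.

```shell
# Added example, not from the original page: pre-build check of a kernel config file.
# Assumptions: options look like  options "NAME=VALUE"  (the form shown on this page),
# possibly several per line separated by commas, and '#' starts a comment.

# kconfig_values FILE NAME -> print every value assigned to option NAME, one per line
kconfig_values() {
    sed -e 's/#.*//' "$1" | awk -v name="$2" '
        $1 == "options" {
            sub(/^[ \t]*options[ \t]+/, "")
            n = split($0, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t"]/, "", o)
                eq = index(o, "=")
                if (eq && substr(o, 1, eq - 1) == name) print substr(o, eq + 1)
            }
        }'
}

# check_option FILE NAME WANT -> 0 only if NAME is set and every occurrence equals WANT
check_option() {
    values=$(kconfig_values "$1" "$2")
    [ -n "$values" ] || { echo "MISSING  $2 (want $2=$3)"; return 1; }
    for v in $values; do
        [ "$v" = "$3" ] || { echo "WRONG    $2=$v (want $2=$3)"; return 1; }
    done
    echo "OK       $2=$3"
}

# check_router_hardening FILE -> 0 only if both options from this page are in effect
check_router_hardening() {
    rc=0
    check_option "$1" IPFORWARDING -1 || rc=1
    check_option "$1" IPBLOCKSOURCEROUTE 1 || rc=1
    return $rc
}

# Constructed sample config: the source-route option is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options INET
# turn off ipforwarding
options "IPFORWARDING=-1"
#options "IPBLOCKSOURCEROUTE=1"
EOF
check_router_hardening "$sample" || echo "config incomplete: fix it before config and make"
rm -f "$sample"
```

A non-zero return from check_router_hardening means at least one of the two options is missing, commented out, or set to a different value somewhere in the file.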