martian source (Martian packets) and the iptables script

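When martian source messages appeared before, I resolved them using a solution posted by another user.
But recently, after modifying my iptables script and re-running it, the following log entries appeared again.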

********* /var/log/messages important system messages **********

Jun 12 00:03:11 ernel: martian source 169.254.255.255 from 169.254.189.148, on dev eth1
Jun 12 00:03:11 ernel: ll header: ff:ff:ff:ff:ff:ff:44:87:fc:db:58:f1:08:00
Jun 12 00:09:20 ernel: martian source 169.254.255.255 from 169.254.189.148, on dev eth1
Jun 12 00:09:20 ernel: ll header: ff:ff:ff:ff:ff:ff:44:87:fc:db:58:f1:08:00
Jun 12 00:09:21 ernel: martian source 169.254.255.255 from 169.254.189.148, on dev eth1
Jun 12 00:09:21 ernel: ll header: ff:ff:ff:ff:ff:ff:44:87:fc:db:58:f1:08:00
Jun 12 00:09:22 ernel: martian source 169.254.255.255 from 169.254.189.148, on dev eth1
Jun 12 00:09:22 ernel: ll header: ff:ff:ff:ff:ff:ff:44:87:fc:db:58:f1:08:00

The cause is that every time the iptables script is re-run, settings such as those under /proc/sys/net/ipv4/conf/eth*/* are reset.

# Re-run the script
sh /scripts/iptables.sh
# Check the value: it has become 1
cat /proc/sys/net/ipv4/conf/eth1/log_martians
1
# Change it to 0
echo 0 > /proc/sys/net/ipv4/conf/eth1/log_martians
cat /proc/sys/net/ipv4/conf/eth1/log_martians
0
# Re-run the script: it is back to 1
sh /scripts/iptables.sh
cat /proc/sys/net/ipv4/conf/eth1/log_martians
1

The fix is to add these 2 lines to the iptables.sh script:

echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
# This is the line that actually takes effect; mind the network device name
echo "0" > /proc/sys/net/ipv4/conf/eth1/log_martians

That way, re-running the iptables.sh script in future no longer requires changing the martian source setting again.
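
An added example (not part of the original post): before silencing the log, the martian entries shown above can be summarized to see which machine is sending the packets. It assumes the colon-separated "ll header:" format seen in the log above; the function names martian_summary and sample_log are made up for this example.

```shell
#!/bin/sh
# Added example: summarize "martian source" kernel log entries.
# Reads syslog text on stdin and prints one line per distinct sender:
#   <count> <dev> <src-ip> <dst-ip> <src-mac> <note>
martian_summary() {
    awk '
    function flush(mac,    note) {
        if (!pending) return
        # 169.254.0.0/16 is the IPv4 link-local range
        note = (src ~ /^169\.254\./) ? "link-local-src" : "-"
        count[dev " " src " " dst " " mac " " note]++
        pending = 0
    }
    /martian source/ {
        flush("unknown")   # previous entry had no ll header line
        # Kernel format: martian source <dst> from <src>, on dev <if>
        for (i = 1; i <= NF; i++) {
            if ($i == "source") dst = $(i + 1)
            if ($i == "from")   { src = $(i + 1); sub(/,$/, "", src) }
            if ($i == "dev")    dev = $(i + 1)
        }
        pending = 1
        next
    }
    /ll header:/ {
        # Ethernet header: 6 bytes dst MAC, 6 bytes src MAC, 2 bytes EtherType
        n = split($NF, b, ":")
        mac = "unknown"
        if (n >= 12)
            mac = b[7] ":" b[8] ":" b[9] ":" b[10] ":" b[11] ":" b[12]
        flush(mac)
    }
    END {
        flush("unknown")
        for (k in count) print count[k], k
    }' | sort -rn
}

# Sample input: the first two entries from the log quoted in this post
sample_log() {
    cat <<'EOF'
Jun 12 00:03:11 ernel: martian source 169.254.255.255 from 169.254.189.148, on dev eth1
Jun 12 00:03:11 ernel: ll header: ff:ff:ff:ff:ff:ff:44:87:fc:db:58:f1:08:00
Jun 12 00:09:20 ernel: martian source 169.254.255.255 from 169.254.189.148, on dev eth1
Jun 12 00:09:20 ernel: ll header: ff:ff:ff:ff:ff:ff:44:87:fc:db:58:f1:08:00
EOF
}

sample_log | martian_summary
```

On a live system, feed it the real log with martian_summary < /var/log/messages. The source address here is in 169.254.0.0/16, the IPv4 link-local range, and the source MAC identifies the sending machine on the eth1 segment.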