ipv4: Fix rp_filter description in net/ipv4/Kconfig.

[deliverable/linux.git] / net / ipv4 / Kconfig

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 691268f3a35972ff931c51bc8c7eeca74e73de78..10c944d42488597ccb06ff12c7b1c7426963ee97 100644 (file)
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER
 
          at boot time after the /proc file system has been mounted.
 
-         If you turn on IP forwarding, you will also get the rp_filter, which
+         If you turn on IP forwarding, you should consider the rp_filter, which
          automatically rejects incoming packets if the routing table entry
          for their source address doesn't match the network interface they're
          arriving on. This has security advantages because it prevents the
@@ -46,9 +46,11 @@ config IP_ADVANCED_ROUTER
          rp_filter on use:
 
          echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
-         or
+          and
          echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
 
+         Note that some distributions enable it in startup scripts.
+
          If unsure, say N here.
 
 choice