I deployed new "transparent" network filtering yesterday evening around midnight. The filtering falls into two categories, global filtering and Linode-specific filtering.

The global filtering is already activated on all the hosts. This filters most of the broadcast traffic, the HSRP messages, and UDP port 137 traffic.

The Linode specific filtering filters broadcast traffic, and ARP traffic not destined for your IP(s).

The Linode specific filtering is available on all the hosts except host1 and host2. These require new kernel features which would require a reboot of host1 and host2 (both have over 100 days uptime). For now, only the global filtering and the original filtering is available on host1 and host2.

For those not on host1 and host2, to take advantage of the new filtering rules you must reboot your Linode.

If you perform some tcpdumps, you should notice a huge improvement.

Thanks and Enjoy!

-Chris

Ahh! Okay -- I was just running tcpdump to debug some stuff, so I was wondering what you were smoking there for a minute. This brings up an important point though: we all enjoy long uptimes, especially for the host nodes. What's more, I've certainly had Linux boxes enjoy uptimes of over a year, and I've heard of much longer. Yet, I'm sure that there will be a need to upgrade the host machines every now and then, so have you considered having some sort of scheduled maintanence window where we can plan on our nodes going down, take any appropriate precausions, and be ready to do whatever we need when the host comes back up? I'm thinking something really infrequent, like once a year or something.

Just a thought.

-"Zow"