author | Stig Thormodsrud <stig@ubnt.com> | 2014-03-11 15:56:22 -0700 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2014-04-06 16:14:57 +0200 |
commit | afae794d3090e06661a4125a03158d531fe15f40 (patch) | |
tree | b7f29c742fc0b38e87f9b6a2012482818cf2f7fb /interface-templates | |
parent | 3d80a7214cfda5597c71c3d329e73a39b7ba6929 (diff) | |
download | vyatta-cfg-quagga-afae794d3090e06661a4125a03158d531fe15f40.tar.gz vyatta-cfg-quagga-afae794d3090e06661a4125a03158d531fe15f40.zip |
Add per interface source-validation
Signed-off-by: Daniil Baturin <daniil@baturin.org>
Diffstat (limited to 'interface-templates')
-rw-r--r-- | interface-templates/ip/source-validation/node.def | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/interface-templates/ip/source-validation/node.def b/interface-templates/ip/source-validation/node.def new file mode 100644 index 00000000..bc93b5a5 --- /dev/null +++ b/interface-templates/ip/source-validation/node.def @@ -0,0 +1,34 @@ +# rp_filter +# default value - 0 +# conf/all/rp_filter and conf/[interface]/rp_filter both must be set to +# a value greater than 0 to do source validation on the interface + + +type: txt + +help: Policy for source validation by reversed path, as specified in RFC3704 + +val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704 +val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704 +val_help: disable; No source validation + +syntax:expression: $VAR(@) in "strict", "loose", "disable"; "source-validation must be set to 'loose', 'strict' or 'disable'" + +update: + if [ x$VAR(@) == xstrict ]; then + sudo sh -c "echo 1 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + sudo sh -c "echo 1 > \ + /proc/sys/net/ipv4/conf/$IFNAME/rp_filter" + elif [ x$VAR(@) == xloose ]; then + sudo sh -c "echo 2 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + sudo sh -c "echo 2 > \ + /proc/sys/net/ipv4/conf/$IFNAME/rp_filter" + else + sudo sh -c "echo 0 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + fi + +delete: + sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/rp_filter" |
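Review bot: In the update: block, the else (disable) branch writes 0 only to /proc/sys/net/ipv4/conf/all/rp_filter and never touches conf/$IFNAME/rp_filter, and the strict and loose branches likewise overwrite conf/all on every change. The header comment states that conf/all/rp_filter and conf/[interface]/rp_filter must both be greater than 0 for source validation to happen, so setting 'disable' on one interface switches validation off for every other interface that was configured strict or loose, while this interface's own value stays at whatever it was before. In the same way, configuring 'loose' on one interface after 'strict' on another changes the global value from 1 to 2. Suggest having the disable branch write 0 to conf/$IFNAME/rp_filter, as delete: already does, and managing conf/all separately from this per-interface node so the last interface configured does not decide the global setting. The delete: block also leaves conf/all at whatever the last update wrote, which is worth documenting in the header comment. Minor style point: the tests `[ x$VAR(@) == xstrict ]` and `[ x$VAR(@) == xloose ]` use ==, where = is the portable operator for [.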