diff options
| -rw-r--r-- | interface-templates/ip/source-validation/node.def | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/interface-templates/ip/source-validation/node.def b/interface-templates/ip/source-validation/node.def new file mode 100644 index 00000000..bc93b5a5 --- /dev/null +++ b/interface-templates/ip/source-validation/node.def @@ -0,0 +1,34 @@ +# rp_filter +# default value - 0 +# conf/all/rp_filter and conf/[interface]/rp_filter both must be set to +# a value greater than 0 to do source validation on the interface + + +type: txt + +help: Policy for source validation by reversed path, as specified in RFC3704 + +val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704 +val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704 +val_help: disable; No source validation + +syntax:expression: $VAR(@) in "strict", "loose", "disable"; "source-validation must be set to 'loose', 'strict' or 'disable'" + +update: + if [ x$VAR(@) == xstrict ]; then + sudo sh -c "echo 1 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + sudo sh -c "echo 1 > \ + /proc/sys/net/ipv4/conf/$IFNAME/rp_filter" + elif [ x$VAR(@) == xloose ]; then + sudo sh -c "echo 2 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + sudo sh -c "echo 2 > \ + /proc/sys/net/ipv4/conf/$IFNAME/rp_filter" + else + sudo sh -c "echo 0 > \ + /proc/sys/net/ipv4/conf/all/rp_filter" + fi + +delete: + sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/rp_filter" |