blob: 3ddb6aa5a4cd0ce562749fed6f168d59e33241ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
# rp_filter
# default value - 0
# The max value from conf/{all,interface}/rp_filter is used
# when doing source validation on the {interface}.
type: txt
help: Policy for source validation by reversed path, as specified in RFC3704
val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704
val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704
val_help: disable; No source validation
syntax:expression: $VAR(@) in "strict", "loose", "disable"; "source-validation must be set to 'loose', 'strict' or 'disable'"
update:
read all < /proc/sys/net/ipv4/conf/all/rp_filter
if [ x$VAR(@) == xstrict ]; then
new=1
elif [ x$VAR(@) == xloose ]; then
new=2
else
new=0
fi
if [ "$all" -gt "$new" ]; then
echo "Warning: global source-validation overrides per interface"
global="disable"
if [ "$all" -eq 1 ]; then
global=strict
elif [ "$all" -eq 2 ]; then
global=loose
fi
echo "Global value is $global"
fi
if [ -d /sys/class/net/$VAR(../@) ] ; then
sudo sh -c "echo $new > \
/proc/sys/net/ipv4/conf/$IFNAME/rp_filter"
fi
delete:
if [ -d /sys/class/net/$VAR(../@) ] ; then
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/rp_filter"
fi
|
