bug 11191: rp_filter changes.

The following are summary of changes: 1) when network.disable.rpfilter is set to true, then rp_filter will be disadbled(set to 0) on all the public interfaces and also default setting of the system. 2) when network.disable.rpfilter is set to false, then rp_filter will be enabled(set to 1) on all the public interfaces and also default setting of the system. 3) here public public interface means , eth2 ... ethN. default setting means (/proc/sys/net/ipv4/conf/default/rp_filter). 4) Default setting change will have impact on non-public interface. Due to these, rp_filter is always enabled on Non-public interfaces(eth0,eth1 and lo). 5) when a new public interface is created, new interface will take rp_filter value from the default setting.
2011-11-04 17:08:20 +05:30 · 2011-11-04 17:08:20 +05:30 · 6b6cd0a8b5
parent 6a085608cb
commit 6b6cd0a8b5
1 changed files with 4 additions and 0 deletions
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@ -259,6 +259,10 @@ disable_rpfilter_domR() {
         echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
      done
  fi
+  log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1)"
+  echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
+  echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
+  echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
 }

 enable_svc() {