Changing the rp_filter default in Ubuntu from strict to loose?
Sebastien Bacher
seb128 at ubuntu.com
Thu Feb 7 16:35:33 UTC 2019
Hey there,
The new network-manager in disco does connectivity checking
per-device/connection type which doesn't play nicely with the rp_filter=1
default that procps sets in Ubuntu.
The details of the discussions are in
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/116
but a summary is
'it uses libcurl and binds the HTTP request to the device, using the
SO_BINDTODEVICE socket option. rc_filter=1 rejects all incoming packets,
if the sender wouldn't also be reached via that device. It thus
counteracts SO_BINDTODEVICE.'
Basically those are conflicting so we need to either disable the
connectivity checker or change the rp_filter default. It looks like
systemd upstream and Fedora already decided to change to default to
rp_filter=2 (loose).
https://github.com/systemd/systemd/commit/230450d4
Can we do the same in Ubuntu?
Cheers,
Sebastien Bacher
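
An added example, not part of the original message or of any project it mentions: a small audit of which interfaces run in strict mode, where replies to a probe bound with SO_BINDTODEVICE can be dropped as described above. It relies on the kernel's documented rule that the larger of conf/all/rp_filter and conf/<iface>/rp_filter applies; the function names and SAMPLE values are constructed for illustration.

```python
"""Audit the effective rp_filter mode per interface (added example)."""
from pathlib import Path

MODES = {0: "off", 1: "strict", 2: "loose"}


def effective_modes(values):
    """Map {name: rp_filter value} (must include 'all') to {iface: mode name}.

    For source validation the kernel uses the larger of conf/all/rp_filter
    and conf/<iface>/rp_filter, so a per-interface setting can raise the
    value above 'all' but never lower it.
    """
    all_value = values["all"]
    return {
        name: MODES.get(max(all_value, value), "unknown")
        for name, value in sorted(values.items())
        if name not in ("all", "default")  # 'default' only seeds new interfaces
    }


def strict_interfaces(values):
    """Interfaces where replies to a device-bound probe can be dropped."""
    return [n for n, m in effective_modes(values).items() if m == "strict"]


def read_conf(root="/proc/sys/net/ipv4/conf"):
    """Read the live values from procfs (Linux only)."""
    return {
        p.parent.name: int(p.read_text().strip())
        for p in Path(root).glob("*/rp_filter")
    }


# Constructed sample values, used when procfs is not available.
SAMPLE = {"all": 0, "default": 1, "lo": 0, "eth0": 1, "wlan0": 2}

if __name__ == "__main__":
    try:
        values = read_conf()
    except OSError:
        values = {}
    if "all" not in values:
        values = SAMPLE
    for iface, mode in effective_modes(values).items():
        print(f"{iface}: {mode}")
    print("strict:", strict_interfaces(values))
```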