This bug was fixed in the package vlan - 1.9-3.2ubuntu5 --------------- vlan (1.9-3.2ubuntu5) artful; urgency=medium
* Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1 (LP: #1716964) -- Dan Streetman <dan.street...@canonical.com> Wed, 20 Sep 2017 09:30:21 -0400 ** Changed in: vlan (Ubuntu Artful) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1716964 Title: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1 Status in vlan package in Ubuntu: Fix Released Status in vlan source package in Trusty: In Progress Status in vlan source package in Xenial: In Progress Status in vlan source package in Zesty: In Progress Status in vlan source package in Artful: Fix Released Status in vlan package in Debian: New Bug description: [impact] Using ifupdown, an interface's rp-filter value cannot be set to 2. [test case] On any system using ifupdown to manage interfaces, add to an interface's config: if-rp-filter 2 When the interface is brought up, its /proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead of 2. With the fixed vlan package, its value will correctly be set to 2. [regression potential] problems with this change could affect the value of an interface's rp_filter value. [other] the upstream debian bug for this has been open for 3 years without change, so it is unlikely debian will fix this. [original description] When configuring a VLAN interface on /etc/network/interfaces, setting the ip-rp-filter value to 2 (loose mode reverse filtering) gets overridden by the /etc/network/if-up.d/ip script, which only allows for values 0 and 1. This is the relevant configuration in /etc/network/interfaces # The primary network interface auto eno1 iface eno1 inet static address 10.1.2.36 netmask 255.255.0.0 gateway 10.1.1.2 dns-search xxx.yy dns-nameservers 10.1.2.22 10.1.2.24 # The administrative network auto eno1.2 iface eno1.2 inet static address 172.16.1.8 netmask 255.255.0.0 ip-rp-filter 2 vlan-raw-device eno1 But it does not get correctly set ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter 1 And this is the script overriding the configuration ~# cat /etc/network/if-up.d/ip #!/bin/sh # This should probably go into ifupdown # But usually only those with lots of interfaces (vlans) need these if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ] then if [ -n "$IF_IP_PROXY_ARP" ]; then if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp" else echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp" fi fi if [ -n "$IF_IP_RP_FILTER" ]; then if [ "$IF_IP_RP_FILTER" -eq "0" ]; then echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter" else echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter" fi fi fi It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it as 1, so it never allows to set is to 2 (loose mode). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp