The following modification on /etc/network/if-up.d/ip makes it work.
*** 13,18 ****
--- 13,20 ----
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
+ elif [ "$IF_IP_RP_FILTER" -eq "2" ]; then
+ echo 2 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
else
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
fi
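Review bot: the `else` branch that follows the new `elif` still writes 1 for every value other than 0 and 2, so a mistyped or non-numeric `ip-rp-filter` setting is silently turned into strict mode, and the `-eq` tests will print an error on non-integer input. Consider matching the accepted values explicitly, for example a `case "$IF_IP_RP_FILTER" in` with a `0|1|2)` arm that echoes `$IF_IP_RP_FILTER` itself into `rp_filter`, and a default arm that logs a warning and leaves the current setting alone. The comparison operands are also quoted as strings ("0", "2") while using the integer operator; that works, but a string match in `case` would make the intent clearer.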
** Description changed:
When configuring a VLAN interface on /etc/network/interfaces, setting
the ip-rp-filter value to 2 (loose mode reverse filtering) gets
overridden by the /etc/network/if-up.d/ip script, which only allows for
values 0 and 1.
This is the relevant configuration in /etc/network/interfaces
# The primary network interface
auto eno1
iface eno1 inet static
- address 10.1.2.36
- netmask 255.255.0.0
- gateway 10.1.1.2
- dns-search xxx.yy
- dns-nameservers 10.1.2.22 10.1.2.24
+ address 10.1.2.36
+ netmask 255.255.0.0
+ gateway 10.1.1.2
+ dns-search xxx.yy
+ dns-nameservers 10.1.2.22 10.1.2.24
# The administrative network
auto eno1.2
iface eno1.2 inet static
- address 172.16.1.8
- netmask 255.255.0.0
- gateway 172.16.0.1
- dns-search adm.xxx.yy
- vlan-raw-device eno1
- ip-rp-filter 2
+ address 172.16.1.8
+ netmask 255.255.0.0
+ ip-rp-filter 2
+ vlan-raw-device eno1
+
But it does not get correctly set
- ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
+ ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
1
-
And this is the script overriding the configuration
- ~# cat /etc/network/if-up.d/ip
+ ~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
- if [ -n "$IF_IP_PROXY_ARP" ]; then
- if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
- echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
- else
- echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
- fi
- fi
- if [ -n "$IF_IP_RP_FILTER" ]; then
- if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
- echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
- else
- echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
- fi
- fi
+ if [ -n "$IF_IP_PROXY_ARP" ]; then
+ if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
+ echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
+ else
+ echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
+ fi
+ fi
+ if [ -n "$IF_IP_RP_FILTER" ]; then
+ if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
+ echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
+ else
+ echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
+ fi
+ fi
fi
-
- It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it as 1,
so it never allows to set is to 2 (loose mode).
+ It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
+ as 1, so it never allows to set is to 2 (loose mode).
--
https://bugs.launchpad.net/bugs/1716964
Title:
VLAN network script if-up.d/ip limits rp_filter value to 0 or 1