Hello!
In the VyOS vyatta-cfg-firewall repository there is a wrong definition of the rp_filter options, which leads to problems with disabling this option on the fly.
In node.def we have:
rp_filter
default value - 0
conf/all/rp_filter and conf/[interface]/rp_filter both must be set to
a value greater than 0 to do source validation on the interface
But the information at kernel.org is different:
The max value from conf/{all,interface}/rp_filter is used
when doing source validation on the {interface}.
So, when we disable rp_filter the current way:
    ... [skipped part] ...
    else
      sudo sh -c "echo 0 > \
      /proc/sys/net/ipv4/conf/all/rp_filter"
    fi
    delete: sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter"
we actually don't do this.
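
A check for the behaviour described in this report, added here as an example (it is not code from the vyatta-cfg-firewall repository): it computes the effective rp_filter of each interface as the maximum of the `all` and per-interface values, as the kernel.org text quoted above states, and lists the interfaces where source validation is still active. The function names, the optional conf-root argument and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: which interfaces still do source validation after
# conf/all/rp_filter has been set to 0?

# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter).
# $1 = interface, $2 = conf root (hypothetical override, defaults to /proc)
effective_rp_filter() {
    root="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    ifv=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# Print "<iface>=<effective value>" for every interface whose effective
# rp_filter is greater than 0. "all" and "default" are not interfaces.
list_still_enabled() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for d in "$root"/*/; do
        name=$(basename "$d")
        case "$name" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$name" "$root") || continue
        if [ "$eff" -gt 0 ]; then echo "$name=$eff"; fi
    done
    return 0
}

# Constructed sample tree (not real system state): "all" is 0, as the
# script in the report leaves it, while eth0 still carries 1.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for pair in all:0 default:1 eth0:1 eth1:0 lo:0; do
        mkdir -p "$t/${pair%%:*}"
        echo "${pair##*:}" > "$t/${pair%%:*}/rp_filter"
    done
    echo "$t"
}

# Demo on the constructed tree: eth0 is reported although all=0.
sample=$(make_sample_tree) && list_still_enabled "$sample"
rm -rf "$sample"
```

Called without arguments on a live system, `list_still_enabled` reads `/proc/sys/net/ipv4/conf` directly.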