
Configuring `ip source-validation loose` doesn't properly configure `sysctl`
Needs testing, Low | Public | BUG

Description

On VyOS 1.2-rolling-201910180117, setting `ip source-validation loose` seems to have the same outcome as setting it to `disable`, i.e. results in `rp_filter = 0`.

Also related, setting `firewall source-validation` should perhaps configure `net.ipv4.conf.default.rp_filter` as opposed to `net.ipv4.conf.all.rp_filter`, because if one wants to disable reverse path validation only for a certain interface, but default to strict for others, at the moment it is not possible.
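A way to check what the kernel actually enforces on each interface, added here as an example and not part of the original report or of VyOS itself. It relies on the kernel's documented rule that the larger of `conf/all/rp_filter` and `conf/<iface>/rp_filter` applies (0 = disabled, 1 = strict, 2 = loose); the `CONF_ROOT` override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the reverse-path filter mode in effect per interface.
# Kernel rule (ip-sysctl documentation): max(conf/all, conf/<iface>) is used;
# conf/default only seeds the value of interfaces created later.

# Live sysctl tree by default; CONF_ROOT is a hypothetical override for offline copies.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

rp_mode_name() {
    case "$1" in
        0) echo disable ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo "unknown($1)" ;;
    esac
}

# effective_rp_filter IFACE: print the numeric value the kernel applies to IFACE.
effective_rp_filter() {
    iface_file="$CONF_ROOT/$1/rp_filter"
    all_file="$CONF_ROOT/all/rp_filter"
    [ -r "$iface_file" ] && [ -r "$all_file" ] || return 1
    iface_val=$(cat "$iface_file")
    all_val=$(cat "$all_file")
    if [ "$all_val" -gt "$iface_val" ]; then
        echo "$all_val"
    else
        echo "$iface_val"
    fi
}

# rp_filter_report: one line per interface with configured and effective values.
rp_filter_report() {
    for dir in "$CONF_ROOT"/*/; do
        name=$(basename "$dir")
        case "$name" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$name") || continue
        printf '%s all=%s iface=%s effective=%s\n' "$name" \
            "$(cat "$CONF_ROOT/all/rp_filter")" \
            "$(cat "$dir/rp_filter")" "$(rp_mode_name "$eff")"
    done
}

# Print the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then
    rp_filter_report
fi
```

With `all` set to strict, an interface whose own value is 0 still reports `effective=strict`, which is the per-interface limitation described above; after setting `loose`, every line should show `all=2` if the configuration was applied.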

Details

Difficulty level
Unknown (require assessment)
Version
1.2-rolling-201910180117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

pasik added a subscriber: pasik. (Oct 27 2019, 5:42 PM)
syncer changed the task status from Open to Needs testing. (Nov 16 2019, 11:05 PM)
syncer assigned this task to Dmitry.
syncer triaged this task as Low priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.