Page MenuHomeVyOS Platform
Create Task
Maniphest T2988

ip source validation not working for ipv6 aka move it to netfilter
Closed, ResolvedPublicBUG
Actions

Description

hi,

the current implementation of ip source validation in vyos does not handle ipv6. This is cause vyos uses the deprecated way via sysctl.
See https://home.regit.org/2011/08/florian-westphal-moving-rp_filter-into-netfilter/

The current vyos kernel has all needed iptables modules for this.
So I would prefer that we drop the support via /proc and switch to the iptables/netfilter way.

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.26
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

rherold created this task.Oct 17 2020, 7:10 PM
pasik added a subscriber: pasik.Oct 18 2020, 10:19 AM
dmbaturin closed this task as Resolved.Jan 9 2024, 6:28 PM
dmbaturin claimed this task.
dmbaturin added a subscriber: dmbaturin.

There's support for IPv6 source validation in the new implementation.