Hello!
In VyOS [[ https://github.com/vyos/vyatta-cfg-firewall/blob/1f010c0a0d4ae6e4f37d9f71d0e97df2fc44b999/templates/firewall/source-validation/node.def | vyatta-cfg-firewall repository ]] is a wrong definition of rp_filter options, that lead to problems with disabling this option on the fly.
In node.def we have:
> rp_filter
> default value - 0
> conf/all/rp_filter and conf/[interface]/rp_filter **both must be set** to
> a value greater than 0 to do source validation on the interface
But, at [[ https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt | kernel.org ]] information is different:
> The **max value** from conf/{all,interface}/rp_filter is used
> when doing source validation on the {interface}.
So, when we disabling rp_filter with current way:
```
delete:
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter"
```
we actually don't do this.