The /etc/init.d/net.eth0 sets rp_filter to 1, overriding sysctl.conf and thus breaking software like freeswan. This should be configurable, or at least assume there is already a reasonable default in sysctl.conf.

Reproducible: Always

Steps to Reproduce:
1. echo "net.ipv4.conf.default.rp_filter = 0" > /etc/sysctl.conf
2. /etc/init.d/bootmisc start
3. cat /proc/sys/net/ipv4/conf/default/rp_filter
4. /etc/init.d/net.eth0 start
5. cat /proc/sys/net/ipv4/conf/eth0/rp_filter

Actual Results:
0
1

Expected Results:
0
0

I'd suggest adding a configuration setting to /etc/conf.d/net.
Added a kludge to CVS - should solve your problem: --------------------------------------- Index: init.d/net.eth0 =================================================================== RCS file: /home/cvsroot/gentoo-src/rc-scripts/init.d/net.eth0,v retrieving revision 1.28 diff -u -r1.28 net.eth0 --- init.d/net.eth0 16 Mar 2003 08:03:19 -0000 1.28 +++ init.d/net.eth0 16 Jul 2003 18:08:33 -0000 @@ -124,8 +124,10 @@ fi # Enabling rp_filter causes wacky packets to be auto-dropped by - # the kernel - if [ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter ] + # the kernel. Note that we only do this if it is not set via + # /etc/sysctl.conf ... + if [ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter ] && \ + [ -z "$(egrep '^[^#]*rp_filter' /etc/sysctl.conf 2>/dev/null)" ] then echo 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter fi
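Review bot: the `egrep '^[^#]*rp_filter' /etc/sysctl.conf` test added to the `if` condition matches more than the comment above it promises. It fires on any uncommented line that contains the substring rp_filter, so an `arp_filter` key, or an rp_filter entry for some other interface, also stops the script from writing 1 for ${IFACE}, and reverse-path filtering is then silently left at whatever the kernel default is. Anchor the pattern on the key name (a literal `.rp_filter` followed by optional whitespace and `=`) and limit it to the `default`, `all` or `${IFACE}` entries. `grep -q` with its exit status would also be simpler than capturing the output and testing it with `-z`. Separately, the switch now depends on the text of another file rather than on an explicit setting; the option in /etc/conf.d/net that the report asked for would make the behaviour visible to whoever configures the interface.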