
Bug 24235

Summary: rp_filter unconditionally set to 1 in /etc/init.d/net.eth0 ignoring defaults in sysctl.conf
Product: Gentoo Linux
Reporter: jochen <jochen.eisinger>
Component: [OLD] Core system
Assignee: Martin Schlemmer (RETIRED) <azarah>
Status: RESOLVED FIXED
Severity: normal
Priority: High
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=71971

Description jochen 2003-07-10 08:57:14 UTC
The /etc/init.d/net.eth0 sets rp_filter to 1, overriding sysctl.conf and thus
breaking software like freeswan. This should be configurable, or at least assume
there is already a reasonable default in sysctl.conf.

Reproducible: Always
Steps to Reproduce:
1. echo "net.ipv4.conf.default.rp_filter = 0" > /etc/sysctl.conf
2. /etc/init.d/bootmisc start
3. cat /proc/sys/net/ipv4/conf/default/rp_filter
4. /etc/init.d/net.eth0 start
5. cat /proc/sys/net/ipv4/conf/eth0/rp_filter
Actual Results:  
0
1

Expected Results:  
0
0

I'd suggest adding a configuration setting to /etc/conf.d/net.
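
The mismatch reported above can be checked mechanically. The following is an added example, not part of the bug report or of Gentoo's rc-scripts: it compares the rp_filter value requested in a sysctl.conf with the live value for one interface. The function names are hypothetical, the sample data is constructed, and it assumes an interface with no key of its own should carry the conf.default value, as the report's expected results do.

```shell
#!/bin/sh
# Added example, not from the bug report; function names are hypothetical.
# Flags an interface whose live rp_filter differs from what sysctl.conf asks for.

# Print the last value assigned to KEY ($2) in CONF ($1), skipping comments.
# Only the dotted key form (net.ipv4.conf.X.rp_filter) is handled.
conf_value() {
    [ -r "$1" ] || return 0
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) { last = v; found = 1 }
        }
        END { if (found) print last }' "$1"
}

# Value sysctl.conf requests for IFACE ($2): its own key wins, else conf.default.
# Assumption: an interface with no key of its own should carry the default.
want_rp_filter() {
    want=$(conf_value "$1" "net.ipv4.conf.$2.rp_filter")
    [ -n "$want" ] || want=$(conf_value "$1" "net.ipv4.conf.default.rp_filter")
    printf '%s' "$want"
}

# check_rp_filter CONF PROCROOT IFACE: prints ok, unset, unreadable or drift.
# Returns 0 for ok/unset, 1 for drift, 2 when the live value cannot be read.
check_rp_filter() {
    live_file="$2/sys/net/ipv4/conf/$3/rp_filter"
    [ -r "$live_file" ] || { echo unreadable; return 2; }
    have=$(cat "$live_file")
    want=$(want_rp_filter "$1" "$3")
    if [ -z "$want" ]; then echo unset; return 0; fi
    if [ "$want" = "$have" ]; then echo ok; return 0; fi
    echo "drift: $3 want=$want have=$have"
    return 1
}

# Constructed sample mirroring the report: default=0 requested, eth0 live at 1.
demo=$(mktemp -d)
mkdir -p "$demo/sys/net/ipv4/conf/eth0"
echo "net.ipv4.conf.default.rp_filter = 0" > "$demo/sysctl.conf"
echo 1 > "$demo/sys/net/ipv4/conf/eth0/rp_filter"
check_rp_filter "$demo/sysctl.conf" "$demo" eth0 || true
rm -rf "$demo"
```

On a live system the same check is check_rp_filter /etc/sysctl.conf /proc eth0, run after the interface's init script has started.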

Comment 1 Martin Schlemmer (RETIRED) gentoo-dev 2003-07-16 11:11:08 UTC
Added a kludge to CVS - should solve your problem:

---------------------------------------
Index: init.d/net.eth0
===================================================================
RCS file: /home/cvsroot/gentoo-src/rc-scripts/init.d/net.eth0,v
retrieving revision 1.28
diff -u -r1.28 net.eth0
--- init.d/net.eth0	16 Mar 2003 08:03:19 -0000	1.28
+++ init.d/net.eth0	16 Jul 2003 18:08:33 -0000
@@ -124,8 +124,10 @@
 	fi
 
 	# Enabling rp_filter causes wacky packets to be auto-dropped by
-	# the kernel
-	if [ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter ]
+	# the kernel.  Note that we only do this if it is not set via
+	# /etc/sysctl.conf ...
+	if [ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter ] && \
+	   [ -z "$(egrep '^[^#]*rp_filter' /etc/sysctl.conf 2>/dev/null)" ]
 	then
 		echo 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter
 	fi
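
Review bot: The egrep test added to the condition ('^[^#]*rp_filter' against /etc/sysctl.conf) checks only whether some uncommented line mentions rp_filter, not which key it sets or to what value. A line for a different interface, or one that itself sets the value to 1, therefore also stops the script from writing 1 for ${IFACE}, so reverse-path filtering can end up silently disabled on an interface the administrator never configured. Suggest matching only the keys that apply here (conf.default and conf.${IFACE}), or replacing the grep with an explicit option in /etc/conf.d/net as the reporter proposed. Style: egrep -q as the condition would avoid the -z "$(...)" substitution, and the ${IFACE} path should be quoted.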