Add a note regarding all/interface rp_filter To clearify how all.rp_filter affect per-interface behaviour.

66Leo66 commited 2024-01-31 10:04:28 +0000 commit 41ad95600b48b60755267146d8d855d3a3e28d5a

howto/networksettings.md

@@ -22,6 +22,8 @@ Check that its really disabled:

 sysctl -a | grep rp_filter

 ```

+**Note** The max value from `conf/{all,interface}/rp_filter` is used when doing source validation on the `{interface}`. In case you don't want to disable `rp_filter` for the entire system, the correct setup is to set both `net.ipv4.conf.all.rp_filter=0` and `net.ipv4.conf.{interface}.rp_filter=0`, where `{interface}` is your vpn interface.

+

 Also the following options must be set.

 ```sh

 $ sysctl -w net.ipv4.conf.all.forwarding=1 net.ipv6.conf.all.forwarding=1

...	...	@@ -22,6 +22,8 @@ Check that its really disabled:
22	22	sysctl -a \| grep rp_filter
23	23	```
24	24
	25	+Note The max value from `conf/{all,interface}/rp_filter` is used when doing source validation on the `{interface}`. In case you don't want to disable `rp_filter` for the entire system, the correct setup is to set both `net.ipv4.conf.all.rp_filter=0` and `net.ipv4.conf.{interface}.rp_filter=0`, where `{interface}` is your vpn interface.
	26	+
25	27	Also the following options must be set.
26	28	```sh
27	29	$ sysctl -w net.ipv4.conf.all.forwarding=1 net.ipv6.conf.all.forwarding=1