In kernel 2.6.31, the handling of the rp_filter interface option was changed incompatibly. Previously, the effective value was determined by the setting of net.ipv4.config.dev.proxy_arp logically ANDed with the setting of net.ipv4.config.all.proxy_arp.
Beginning with kernel 2.6.31, the value is the arithmetic MAX of those two values. Additionally, a 'loose' routefiltering facility is now enabled by setting the effective value of proxy_arp to 2. Given that Shorewall sets net.ipv4.config.all.proxy_arp to 1 if there are any interfaces specifying 'routefilter', specifying 'routefilter' on any interface has the effect of setting the option on all interfaces. I will be releasing 4.4.5.1 in the next day or so which will contain a workaround for this issue. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: PGP signature
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
