________________________________
From: Tom Eastep <[email protected]>
>
>> Checking /etc/shorewall/providers... ERROR: Providers interfaces may
>> not specify 'routefilter' when USE_DEFAULT_RT=Yes
>
> That error is expected as 'routefilter' causes Martians when
> USE_DEFAULT_RT=Yes. Use 'rpfilter' instead.

OK, so I guess "shorewall start" should also throw that error and abort. If not, continue, but warn about it.

In "interfaces" I'm now using options such as:

net4 enp7s0f0 optional,tcpflags,nosmurfs,logmartians,proxyarp=0,arp_ignore=1,sourceroute=0,rpfilter

However, if I restart shorewall and dump afterwards I get this result:

# grep /rp_filter swdump
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/enp10s0/rp_filter = 0
/proc/sys/net/ipv4/conf/enp5s0/rp_filter = 0
/proc/sys/net/ipv4/conf/enp6s0/rp_filter = 0
/proc/sys/net/ipv4/conf/enp7s0f0/rp_filter = 0
/proc/sys/net/ipv4/conf/enp7s0f1/rp_filter = 0
/proc/sys/net/ipv4/conf/enp7s0f2/rp_filter = 0
/proc/sys/net/ipv4/conf/enp7s0f3/rp_filter = 0
/proc/sys/net/ipv4/conf/enp8s5/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0

# shorewall show capabilities | grep RPFilter
RPFilter Match (RPFILTER_MATCH): Available

# shorewall version
5.1.4.4

Why isn't /proc/sys/net/ipv4/conf/enp7s0f0/rp_filter = 1?
Am I required to set this with sysctl?

Also, I'm currently checking and enabling /proc/sys/net/ipv4/ip_forward via sysctl. Is there a reason why shorewall doesn't enable it directly when required? If shorewall can't do that directly then maybe "shorewall check" could check the value of ip_forward, and warn the user to enable it if required.

Vieri

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
