When the rp_filter kernel setting is configured with different boolean values, which takes precedence: all.rp_filter or interface.rp_filter?
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
The default property is not involved in this.
For all and eth0, the documentation about rp_filter says:
The max value from conf/{all,interface}/rp_filter is used when doing source validation on the {interface}.
So here the highest value takes precedence:
max(conf/all/rp_filter,conf/eth0/rp_filter)=max(1,0)=1
SRPF is thus in effect on eth0 (and all other interfaces except those having rp_filter=2 which would get Loose RPF behavior instead).
The interaction between all/rp_filter and its matching per-interface property is not the only behavior that exists; the documentation should be checked for each property.
The only role of the value set to default and thus default/rp_filter is to be inherited by newly created interfaces. This is documented here:
``conf/default/*``: Change the interface-specific default settings. These settings would be used during creating new interfaces.
Note that when moving an interface from one network namespace to another, the per-interface properties will inherit their new default settings, which could be different in the new namespace: it's as if the interface was just created there.
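
The max() rule quoted above can be checked per interface with a short script. This is an added example, not part of the original answer: the function names are hypothetical, the sample tree is constructed (all, default and eth0 use the values from the question, eth1=2 is an assumed extra interface), and passing /proc/sys/net/ipv4/conf to report audits a live host instead.

```shell
#!/bin/sh
# Added example: effective rp_filter on an interface = max(all, interface).

# effective_rp_filter CONF_DIR IFACE: print the value used for source validation.
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter") || return 1
    own=$(cat "$1/$2/rp_filter") || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# rp_mode_name VALUE: map the numeric setting to its mode.
rp_mode_name() {
    case $1 in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# report CONF_DIR: one line per interface; "all" and "default" are not interfaces.
report() {
    for d in "$1"/*/; do
        name=$(basename "$d")
        case $name in all|default) continue ;; esac
        [ -r "${d}rp_filter" ] || continue
        eff=$(effective_rp_filter "$1" "$name") || continue
        printf '%s configured=%s effective=%s (%s)\n' \
            "$name" "$(cat "${d}rp_filter")" "$eff" "$(rp_mode_name "$eff")"
    done
}

# make_sample DIR: constructed stand-in for /proc/sys/net/ipv4/conf.
make_sample() {
    for spec in all=1 default=1 eth0=0 eth1=2; do
        mkdir -p "$1/${spec%%=*}"
        echo "${spec#*=}" > "$1/${spec%%=*}/rp_filter"
    done
}

sample=$(mktemp -d)
make_sample "$sample"
report "$sample"
rm -rf "$sample"
```

On the sample tree, eth0 is reported as strict even though its own value is 0, and eth1 as loose because 2 is greater than all=1.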