install sysctl file set set rp_filter=2
authorDietmar Maurer <dietmar@proxmox.com>
Mon, 9 May 2016 07:58:15 +0000 (09:58 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Mon, 9 May 2016 07:58:15 +0000 (09:58 +0200)
This avoids packets being accepted too early in fwbr. We had the
same setting in the vzctl package (Proxmox VE 3.X).

src/Makefile
src/pve-firewall-sysctl.conf [new file with mode: 0644]

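--- a/src/Makefile
+++ b/src/Makefile
@@ -36,6 +36,8 @@ install: pve-firewall pve-firewall.8 pve-firewall.bash-completion pvefw-logger
        install -d ${DESTDIR}/${MAN8DIR}
        install -m 0644 pve-firewall.8 ${DESTDIR}/${MAN8DIR}
        install -m 0644 -D pve-firewall.bash-completion ${DESTDIR}/${BASHCOMPLDIR}/pve-firewall
+       install -d -m 0755 ${DESTDIR}/usr/lib/sysctl.d/
+       install -m 0644 pve-firewall-sysctl.conf ${DESTDIR}/usr/lib/sysctl.d/pve-firewall.conf
 
 .PHONY: clean
 clean:         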
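Review bot: The two added `install` lines only place the file under `/usr/lib/sysctl.d/`, and nothing visible in this hunk applies it to a running host, so after a package upgrade `rp_filter` presumably keeps its previous value until the next boot or an explicit `sysctl --system`. If the packaging scripts already handle that, a short comment above the new lines would record it, e.g. `# read at boot by systemd-sysctl; applied on upgrade by the package scripts (confirm)`. A same-named file in `/etc/sysctl.d/` takes precedence over this path, so a local override can silently cancel the setting the firewall relies on. The `install` target begins outside this hunk.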
diff --git a/src/pve-firewall-sysctl.conf b/src/pve-firewall-sysctl.conf
new file mode 100644 (file)
index 0000000..acd1f38
--- /dev/null
@@ -0,0 +1,3 @@
+# Enables source route verification
+net.ipv4.conf.all.rp_filter = 2
+
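Review bot: The comment on the first line does not match the setting: `rp_filter` is reverse-path filtering (source address validation), not source-route handling, and the value 2 selects the loose mode of RFC 3704 rather than simply enabling the check. I would write `# Reverse-path filter, loose mode (2): drop only if the source is unreachable via any interface` and add the reason given in the commit message (packets accepted too early in fwbr). The kernel applies the maximum of `conf.all` and the per-interface value, so this line also relaxes any interface an administrator had set to strict (1), which deserves a second comment line. The key covers IPv4 only.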