From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 9 May 2016 07:58:15 +0000 (+0200)
Subject: install sysctl file set set rp_filter=2
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=0b14268af9be9e941bd9883df3d7ad4fddbc99db;hp=6e29af123090c53e4e1f29897663717f2cb969c6

install sysctl file set set rp_filter=2

To avoid that packet gets accepted to early in fwbr. We had the
same setting in package vzctl (Proxmox VE 3.X).
---

diff --git a/src/Makefile b/src/Makefile
index bce4edd..74ae7fd 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -36,6 +36,8 @@ install: pve-firewall pve-firewall.8 pve-firewall.bash-completion pvefw-logger
 	install -d ${DESTDIR}/${MAN8DIR}
 	install -m 0644 pve-firewall.8 ${DESTDIR}/${MAN8DIR}
 	install -m 0644 -D pve-firewall.bash-completion ${DESTDIR}/${BASHCOMPLDIR}/pve-firewall
+	install -d -m 0755 ${DESTDIR}/usr/lib/sysctl.d/
+	install -m 0644 pve-firewall-sysctl.conf ${DESTDIR}/usr/lib/sysctl.d/pve-firewall.conf
 
 .PHONY: clean
 clean: 	
diff --git a/src/pve-firewall-sysctl.conf b/src/pve-firewall-sysctl.conf
new file mode 100644
index 0000000..acd1f38
--- /dev/null
+++ b/src/pve-firewall-sysctl.conf
@@ -0,0 +1,3 @@
+# Enables source route verification
+net.ipv4.conf.all.rp_filter = 2
+