From 0b14268af9be9e941bd9883df3d7ad4fddbc99db Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Mon, 9 May 2016 09:58:15 +0200
Subject: [PATCH] install sysctl file set set rp_filter=2

To avoid that packet gets accepted to early in fwbr. We had the same setting in package vzctl (Proxmox VE 3.X).
---
 src/Makefile | 2 ++
 src/pve-firewall-sysctl.conf | 3 +++
 2 files changed, 5 insertions(+)
 create mode 100644 src/pve-firewall-sysctl.conf

diff --git a/src/Makefile b/src/Makefile
index bce4edd..74ae7fd 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -36,6 +36,8 @@ install: pve-firewall pve-firewall.8 pve-firewall.bash-completion pvefw-logger
 install -d ${DESTDIR}/${MAN8DIR}
 install -m 0644 pve-firewall.8 ${DESTDIR}/${MAN8DIR}
 install -m 0644 -D pve-firewall.bash-completion ${DESTDIR}/${BASHCOMPLDIR}/pve-firewall
+ install -d -m 0755 ${DESTDIR}/usr/lib/sysctl.d/
+ install -m 0644 pve-firewall-sysctl.conf ${DESTDIR}/usr/lib/sysctl.d/pve-firewall.conf
 
 .PHONY: clean
 clean:
diff --git a/src/pve-firewall-sysctl.conf b/src/pve-firewall-sysctl.conf
new file mode 100644
index 0000000..acd1f38
--- /dev/null
+++ b/src/pve-firewall-sysctl.conf
@@ -0,0 +1,3 @@
+# Enables source route verification
+net.ipv4.conf.all.rp_filter = 2
+
-- 
2.39.2
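Review bot: The two added `install` lines only place the file under `/usr/lib/sysctl.d/`, and nothing in this commit applies it (the diffstat lists just these two files), so on an upgraded, running host `rp_filter` presumably keeps its previous value until the next boot or until the sysctl.d files are reloaded. If the fwbr handling depends on the setting, consider loading it when the package is configured, for example `sysctl -q -p /usr/lib/sysctl.d/pve-firewall.conf` in the postinst, or document that a reboot is needed. As a style point, the destination is hard-coded while the neighbouring lines use `${MAN8DIR}` and `${BASHCOMPLDIR}`; a `SYSCTLDIR` variable would match them, and `install -m 0644 -D` as on the bash-completion line would make the separate `install -d` unnecessary. The `install:` target begins above the hunk.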
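Review bot: The comment above the new `net.ipv4.conf.all.rp_filter = 2` line is misleading: value 2 is loose-mode reverse path filtering (RFC 3704), not strict validation, and "source route verification" reads like the unrelated `accept_source_route` setting. Per the kernel's ip-sysctl documentation the maximum of `conf/all` and `conf/<interface>` is used, so this file also moves any interface an administrator had set to strict mode (1) into loose mode, and it covers IPv4 only. I would replace the comment with `# Reverse path filter, loose mode (2): accept a packet if its source is reachable via any interface.` and add `# The kernel uses max(all, <iface>), so this overrides per-interface rp_filter=1; IPv4 only.`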