I need to disable reverse path filtering in linux to set net.ipv4.conf.default.rp_filter to 0 (net.ipv4.conf.default.rp_filter = 2)

Question

I need to disable reverse path filtering in Linux. I tried like this

 root@user:/home/user# sysctl -w net.ipv4.conf.default.rp_filter=0

now I like to know how to make above settings active so reverse path filtering is disabled do I need to restart sysctl or some thing, Can anyone please tell this

I tried like above but when I ran the sysctl -system

I get this

net.ipv4.conf.default.rp_filter = 2
sysctl: setting key "net.ipv4.conf.all.rp_filter": Invalid argument

why this invalid argument message and I tried changing it to net.ipv4.conf.default.rp_filter = 0 but it still printing sysctl -system as

net.ipv4.conf.default.rp_filter = 2
along with message

Answer 1

There are a few things you've confused,

First, it's sysctl --system not sysctl -system to reload your configuration files; but that may just be a typo in the question.

Second, when you use sysctl -w to change any setting, that -w means writing in the "write instead of readout"-sense, not in the "write to file"-sense. It would only affect the currently active configuration, and it wouldn't be saved anywhere.

So when you run sysctl --system to reload the system configurationfiles, you undo your prior sysctl -w action.

---

Third, you're presumably trying to change the effective rp_filter value on your system, but the default part of the net.ipv4.conf.default.rp_filter key, means it affects the default value for any unnamed network device that gets created after this point.

Presumably, your network device already exists, which means it already has its own personal rp_filter setting, and it doesn't care about the default anymore. If your network device is called eth0, then net.ipv4.conf.eth0.rp_filter is likely the value you actually wanted to change (with sysctl -w or, by writing that into one of the /etc/sysctl.d/*.conf-style configuration files and then rebooting or reloading the --system).

In addition to the default and eth0 (or whatever yours is called), there is also an all version; which is like a wildcard that affects all the existing variants (eg: eth0, eth1 and eth2). When your sysctl configuration is loaded during bootup, the networkdevices may or may not exist yet at the time your sysctl configuration is parsed, so it could easily vary if eth0 does or does not exist yet at that time. If it did exist already then the eth0 and all variants would result in the desired affect and the default variant would not. If however the device didn't exist yet, then it's actually the other way around, and default is the one which would work as intended.

To be sure, just change them all/both; in your /etc/sysctl.conf or /etc/sysctl.d/*.conf files.

---

Update.

Ok, so since you're using a virtual networking device tun0, which gets created later on, going for the default key actually wasn't a mistake.

The main thing still holds though, you do not want to use both sysctl -w and sysctl --system together, as the later undoes what the former did.

It sounds like you either want something like:

sysctl -w net.ipv4.conf.default.rp_filter=0 ;
sysctl -w net.ipv4.conf.tun0.rp_filter=0    ;

or

echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter ;
echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter    ;

Or alternatively, use the .conf files; then you can use --system to reload them.