ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0012331ClearOSapp-firewall - Firewallpublic2017-01-12 10:442020-03-05 02:08
Reporteruser2 
Assigned To 
PrioritynormalSeveritytweakReproducibilityhave not tried
StatusclosedResolutionsuspended 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0012331: Consider disabling rp_filter on IPsec systems
DescriptionSee Libreswan FAQ:

https://libreswan.org/wiki/FAQ#Why_is_it_recommended_to_disable_rp_filter_in_.2Fproc.2Fsys.2Fnet_.3F [^]
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-01-12 10:44user2New Issue
2017-01-12 10:44user2Assigned To => user2
2017-01-12 10:44user2Statusnew => confirmed
2017-01-24 06:59NickHNote Added: 0004621
2017-04-26 08:20user2Target Version7.3.1 Updates =>
2017-04-26 08:22user2Note Added: 0005451
2017-04-26 13:26NickHNote Added: 0005461
2018-12-14 12:11user2Statusconfirmed => assigned
2018-12-14 12:11user2Assigned Touser2 => tracker
2020-03-05 02:08NickHNote Added: 0013391
2020-03-05 02:08NickHStatusassigned => closed
2020-03-05 02:08NickHAssigned Totracker =>
2020-03-05 02:08NickHResolutionopen => suspended

Notes
(0004621)
NickH   
2017-01-24 06:59   
Please also see \libreswan-3.19\docs\examples\sysctl.conf in the source file for other recommendations. Note ClearOS changes net.ipv4.ip_forward "on the fly" so changing it in systctl.conf is not necessary.
(0005451)
user2   
2017-04-26 08:22   
After review, it would be good to see how this change impacts a couple of dozen systems. Unfortunately, we don't have an easy path to QA such changes in ClearOS 7.
(0005461)
NickH   
2017-04-26 13:26   
Better link to the libreswan sysctl.conf recommendations:
https://github.com/libreswan/libreswan/blob/master/docs/examples/sysctl.conf [^]
(0013391)
NickH   
2020-03-05 02:08   
https://gitlab.com/clearos/clearfoundation/app-firewall/issues/27 [^]