18 Jan
2002
18 Jan
'02
16:55
Nadeem Hasan wrote:
Just make sure you have added "ipsec0" to the FW_DEV_EXT variable in the /etc/rc.config.d/firewall2.rc.config. This will make sure that rp_filter is not turned on for any interface.
Please also note that to see any effect of above, you need to reboot or manually turn off rp_filter for all the interfaces. this is because when you started the firewall without ipsec0 listed, it turned on rp_filter on all the interfaces. With ipsec0 present, the script does not change the rp_filter flag. It retains its previous value, which is "1" as set by SuSEfirewall2 the first time. Cheers, -- Nadeem Hasan nhasan@nadmm.com http://www.nadmm.com/