f4f82a
# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
f4f82a
# common and reasonable use cases.
f4f82a
#
f4f82a
# Notably, it makes it impossible for NetworkManager to do connectivity
f4f82a
# check on a newly arriving default route (it starts with a higher metric
f4f82a
# and is bumped lower if there's connectivity).
f4f82a
#
f4f82a
# Kernel's default is 0 (no filter), systemd configures a Loose filter since
f4f82a
# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
f4f82a
# to 2'). However, RHEL systemd package happens to default to Strict mode
f4f82a
# for historic reasons. Let's override it if we're doing connectivity
f4f82a
# checking.
f4f82a
f4f82a
# Source route verification
f4f82a
net.ipv4.conf.all.rp_filter = 0