Re: [PATCH v5] net: netfilter: Fix rpfilter dropping vrf packets by mistake
From: Pablo Neira Ayuso
Date: Tue Jul 16 2019 - 07:16:44 EST
On Tue, Jul 02, 2019 at 03:59:36AM +0000, Miaohe Lin wrote:
> When firewalld is enabled with ipv4/ipv6 rpfilter, vrf
> ipv4/ipv6 packets will be dropped. Vrf device will pass
> through netfilter hook twice. One with enslaved device
> and another one with l3 master device. So in device may
> dismatch witch out device because out device is always
> enslaved device.So failed with the check of the rpfilter
> and drop the packets by mistake.
Applied to nf.git, thanks.