X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-route;h=95cbf8d8ef7c1bf4be8efd3d0a069f6d1a077b66;hb=15f043c2c297176bd623d8a8602e2dc5d67eacd6;hp=41e833ec286231e9c47b95ee10c322dd25a2f7da;hpb=f5c8ee56b55b90298b48c83ed0f7ec98cce96bb5;p=distro-setup
diff --git a/mail-route b/mail-route
index 41e833e..95cbf8d 100755
--- a/mail-route
+++ b/mail-route
@@ -70,10 +70,18 @@ show() {
 e iptables -t nat -S
 e ip rule
 e ip route show table 1
+
+ tun_dev=$(ip a show to 10.8.0.4/24 | sed -rn '1s/^\S+\s+([^:]+).*/\1/p')
+ if [[ $tun_dev == tun* ]]; then
+ e sysctl net.ipv4.conf.$tun_dev.rp_filter
+ else
+ echo "$0: note, no tun device found"
+ fi
 exit 0
 }
+# code common to start and stop.
 modify() {
 # match source or dest port. note, when we send to a port, it picks a random high port as
 # the source.
@@ -90,7 +98,12 @@ modify() {
 e iptables -t nat $iptables_op POSTROUTING -o $tun_dev -m mark --mark 0x1 -j SNAT --to-source 10.8.0.4
 e ip rule $ip_op fwmark 1 table 1
 # note, this rule does not persist when the tun interface is deleted
- #e ip route $ip_op default via 10.8.0.1 table 1
+ e ip route $ip_op default via 10.8.0.1 table 1
+
+ # on debian this is 0 (no filter), on ubuntu it\'s 1, which is no good. 0 or 2 both work fine.
+ # 2 drops it if the packet is not routable, martian address, or my default route is screwed up,
+ # so, eh, might as well. some rhel docs recommend using it.
+ e sysctl net.ipv4.conf.$tun_dev.rp_filter=2
 exit 0
 }
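Review bot: Printing only `net.ipv4.conf.$tun_dev.rp_filter` in show() can understate the filtering that is actually applied, because the kernel validates source addresses on an interface using the larger of `net.ipv4.conf.all.rp_filter` and the per-interface value; adding `e sysctl net.ipv4.conf.all.rp_filter` beside it makes the diagnostic complete. The else branch reports "no tun device found" even when `ip a show to 10.8.0.4/24` did match a device whose name simply is not `tun*`, so including the value in the message, `echo "$0: note, no tun device found (matched: '$tun_dev')"`, would tell the two cases apart. The sed expression also relies on the first line of `ip a show` output having the shape `N: NAME: …`, which is true of iproute2's default format but deserves a one-line comment. show() begins outside the hunk.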
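Review bot: `e sysctl net.ipv4.conf.$tun_dev.rp_filter=2` runs on every call of modify(), which the first hunk's new comment describes as common to start and stop, so the stop path also sets loose mode and the value that was in place before is never restored; if a revert is intended, capture the current value before changing it, or run this line only in the start case (the variable that selects start versus stop is set outside this hunk, so I cannot name it here). A comment explaining why 2 on the interface is sufficient would help the next reader, since the kernel applies the maximum of the `all` and per-interface settings: `# kernel uses max(conf.all, conf.$tun_dev), so 2 here overrides a strict all=1`. The backslash in `it\'s` is a stray escape in a shell comment and can be dropped. modify() begins outside the hunk.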