various improvements and fixes, some flidas related

[distro-setup] / mail-route

diff --git a/mail-route b/mail-route
index 41e833ec286231e9c47b95ee10c322dd25a2f7da..29f152b7c7fb2d23ac1a7ad2a2cb9d99a77eb2bf 100755 (executable)
--- a/mail-route
+++ b/mail-route
@@ -70,6 +70,13 @@ show() {
     e iptables -t nat -S
     e ip rule
     e ip route show table 1
+
+    tun_dev=$(ip a show to 10.8.0.4/24 | sed -rn '1s/^\S+\s+([^:]+).*/\1/p')
+    if [[ $tun_dev == tun* ]]; then
+        e sysctl net.ipv4.conf.$tun_dev.rp_filter
+    else
+        echo "$0: note, no tun device found"
+    fi
     exit 0
 }
 
@@ -90,7 +97,12 @@ modify() {
     e iptables -t nat $iptables_op POSTROUTING -o $tun_dev -m mark --mark 0x1 -j SNAT --to-source 10.8.0.4
     e ip rule $ip_op fwmark 1 table 1
     # note, this rule does not persist when the tun interface is deleted
-    #e ip route $ip_op default via 10.8.0.1 table 1
+    e ip route $ip_op default via 10.8.0.1 table 1
+
+    # on debian this is 0 (no filter), on ubuntu it\'s 1, which is no good. 0 or 2 both work fine.
+    # 2 drops it if the packet is not routable, martian address, or my default route is screwed up,
+    # so, eh, might as well. some rhel docs recommend using it.
+    e sysctl net.ipv4.conf.$tun_dev.rp_filter=2
 
     exit 0
 }