* [PATCH pve-docs 1/1] sdn: update description for setting rp_filter
@ 2026-03-25 10:32 Stefan Hanreich
0 siblings, 0 replies; only message in thread
From: Stefan Hanreich @ 2026-03-25 10:32 UTC (permalink / raw)
To: pve-devel
Starting with trixie, systemd-sysctl no longer reads /etc/sysctl.conf
[1]. Update the documentation on how to set the rp_filter value to
reflect that change.
[1] https://www.debian.org/releases/trixie/release-notes/issues.en.html#etc-sysctl-conf-is-no-longer-honored
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
pvesdn.adoc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pvesdn.adoc b/pvesdn.adoc
index d20a0eb..aa57be3 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -1408,7 +1408,9 @@ If you have multiple gateway nodes, you should disable the `rp_filter` (Strict
Reverse Path Filter) option, because packets can arrive at one node but go out
from another node.
-Add the following to `/etc/sysctl.conf`:
+Add the following to `/etc/sysctl.d/z-rp-filter.conf` (the z- prefix is
+important, because PVE ships a pve-firewall configuration file that sets
+rp_filter to 0):
-----
net.ipv4.conf.default.rp_filter=0
--
2.47.3
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-03-25 10:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-25 10:32 [PATCH pve-docs 1/1] sdn: update description for setting rp_filter Stefan Hanreich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox