Comment 0 for bug 1716964

Juan Fernandez (jfernandezr) wrote :

When configuring a VLAN interface on /etc/network/interfaces, setting the ip-rp-filter value to 2 (loose mode reverse filtering) gets overridden by the /etc/network/if-up.d/ip script, which only allows for values 0 and 1.

This is the relevant configuration in /etc/network/interfaces

# The primary network interface
auto eno1
iface eno1 inet static
 address 10.1.2.36
 netmask 255.255.0.0
 gateway 10.1.1.2
 dns-search xxx.yy
 dns-nameservers 10.1.2.22 10.1.2.24

# The administrative network
auto eno1.2
iface eno1.2 inet static
 address 172.16.1.8
 netmask 255.255.0.0
 gateway 172.16.0.1
 dns-search adm.xxx.yy
 vlan-raw-device eno1
 ip-rp-filter 2

But it does not get correctly set

~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
1

And this is the script overriding the configuration

~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
 if [ -n "$IF_IP_PROXY_ARP" ]; then
  if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
   echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
  else
   echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
  fi
 fi
 if [ -n "$IF_IP_RP_FILTER" ]; then
  if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
   echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
  else
   echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
  fi
 fi
fi

It checks if $IF_IP_RP_FILTER is 0 and sets it to 0, otherwise sets it to 1, so it never allows setting it to 2 (loose mode).
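An added example, not part of the original comment and not the package's own script: a sketch of the rp_filter branch of the hook that passes 0, 1 and 2 through unchanged and rejects anything else instead of coercing it to 1. `CONF_ROOT`, `rp_filter_value` and `apply_rp_filter` are hypothetical names introduced here; `CONF_ROOT` exists only so the logic can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (assumption: drop-in replacement logic for the rp_filter
# branch of /etc/network/if-up.d/ip; not the packaged script).
# CONF_ROOT is a hypothetical override; on a real system it is the /proc path.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Validate the ip-rp-filter option against the values the kernel accepts:
#   0 = no source validation, 1 = strict mode, 2 = loose mode.
# Prints the value on success, returns non-zero for anything else.
rp_filter_value() {
    case "$1" in
        0|1|2) printf '%s\n' "$1" ;;
        *)     return 1 ;;
    esac
}

# Write the requested rp_filter value for one interface.
# Does nothing if the interface has no conf directory or no value was set.
apply_rp_filter() {
    iface=$1
    requested=$2
    [ -d "$CONF_ROOT/$iface" ] || return 0
    [ -n "$requested" ] || return 0
    if value=$(rp_filter_value "$requested"); then
        printf '%s\n' "$value" > "$CONF_ROOT/$iface/rp_filter"
    else
        # Refuse unknown values rather than silently forcing strict mode.
        echo "ip-rp-filter: ignoring invalid value '$requested' for $iface" >&2
        return 1
    fi
}

# When run as an if-up.d hook, ifupdown exports IFACE and IF_IP_RP_FILTER.
if [ -n "${IFACE:-}" ]; then
    apply_rp_filter "$IFACE" "${IF_IP_RP_FILTER:-}"
fi
```

The kernel applies the higher of conf/all/rp_filter and the per-interface value, so a per-interface 2 is effective even when conf/all is 1, while a per-interface 0 is not.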