When configuring a VLAN interface on /etc/network/interfaces, setting the ip-rp-filter value to 2 (loose mode reverse filtering) gets overridden by the /etc/network/if-up.d/ip script, which only allows for values 0 and 1.
This is the relevant configuration in /etc/network/interfaces
And this is the script overriding the configuration
~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
if [ -n "$IF_IP_PROXY_ARP" ]; then
if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
else
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
fi
fi
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
else
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
fi
fi
fi
It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it as 1, so it never allows to set is to 2 (loose mode).
When configuring a VLAN interface on /etc/network/ interfaces, setting the ip-rp-filter value to 2 (loose mode reverse filtering) gets overridden by the /etc/network/ if-up.d/ ip script, which only allows for values 0 and 1.
This is the relevant configuration in /etc/network/ interfaces
# The primary network interface
auto eno1
iface eno1 inet static
address 10.1.2.36
netmask 255.255.0.0
gateway 10.1.1.2
dns-search xxx.yy
dns-nameservers 10.1.2.22 10.1.2.24
# The administrative network
auto eno1.2
iface eno1.2 inet static
address 172.16.1.8
netmask 255.255.0.0
gateway 172.16.0.1
dns-search adm.xxx.yy
vlan-raw-device eno1
ip-rp-filter 2
But it does not get correctly set
~# cat /proc/sys/ net/ipv4/ conf/eno1. 2/rp_filter
1
And this is the script overriding the configuration
~# cat /etc/network/ if-up.d/ ip sys/net/ ipv4/conf/ $IFACE" ] sys/net/ ipv4/conf/ $IFACE/ proxy_arp" sys/net/ ipv4/conf/ $IFACE/ proxy_arp" sys/net/ ipv4/conf/ $IFACE/ rp_filter" sys/net/ ipv4/conf/ $IFACE/ rp_filter"
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/
then
if [ -n "$IF_IP_PROXY_ARP" ]; then
if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
echo 1 > "/proc/
else
echo 0 > "/proc/
fi
fi
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/
else
echo 1 > "/proc/
fi
fi
fi
It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it as 1, so it never allows to set is to 2 (loose mode).