Replacing rp_filter with iptables

I've had to disable rp_filter for an interface (tun0) for an OpenVPN network which uses SNAT and policy-based routing (see … ort-number"> for example). Several sites I found (none of which I can find at the moment, of course) suggested using iptables to mimic the functionality of rp_filter (in my case, I have a packet that was originally sourced from (b/c of the default route) being SNAT'ed to a source of (b/c of the policy route), and rp_filter was rejecting the return packets).

I didn't find any instructions anywhere for how to implement rp_filter (where needed) using iptables -- any advice?

0 Replies
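One way to get per-interface reverse-path filtering from iptables, as an added example that is not part of the original post: the generator below emits a raw-table ruleset built on the iptables `rpfilter` match, with a loose check on the interfaces you name and the strict check everywhere else. Only `tun0` comes from the post; the function names, the script file name, the log prefix and the choice of a loose check for the tunnel are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Emits an iptables-restore
# ruleset for the raw table that filters on the reverse path per interface.
# tun0 comes from the post; treating it as "loose" is an assumption.

# valid_iface NAME: succeed only for a plausible interface name (<= 15 chars).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_rpfilter_rules [LOOSE_IFACE...]
# Listed interfaces get a loose check (source routable via any interface,
# like rp_filter=2); all other ingress gets the strict check (rp_filter=1).
gen_rpfilter_rules() {
    for ifc in "$@"; do
        valid_iface "$ifc" || { echo "bad interface name: $ifc" >&2; return 1; }
    done
    printf '%s\n' '*raw' ':PREROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for ifc in "$@"; do
        # A route back to the source exists somewhere: skip the strict rule.
        printf '%s\n' "-A PREROUTING -i $ifc -m rpfilter --loose -j ACCEPT"
    done
    # Rate-limited log, then drop, for packets whose reply would not leave
    # through the interface they arrived on.
    printf '%s\n' \
        '-A PREROUTING -m rpfilter --invert -m limit --limit 5/min -j LOG --log-prefix "rpfilter drop: "' \
        '-A PREROUTING -m rpfilter --invert -j DROP' \
        'COMMIT'
}

# Run directly with interface names to print the ruleset, for example
# (rpfilter-rules.sh is a hypothetical file name):
#   sh rpfilter-rules.sh tun0 | iptables-restore --test
if [ "$#" -gt 0 ]; then gen_rpfilter_rules "$@"; fi
```

The kernel uses the higher of `net.ipv4.conf.all.rp_filter` and the per-interface value, so the sysctl has to be relaxed in both places before these rules become the effective check on `tun0`. Loading the output with `iptables-restore` replaces the existing raw table unless `--noflush` is given.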

