geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.
https://galaxy.ansible.com/geerlingguy/firewall/
MIT License

Broken networking #111

Open animalillo opened 4 months ago

animalillo commented 4 months ago

For some reason the spoofing section breaks networking on OVH Ubuntu 22.04 LTS. No way to open new ssh connections even with that port allowed, or emptying all rules. There is no way to turn off this setting either.

The default setting on the machine is 2 on the rp_filter of the machine.

This is the related section:

```sh
# No spoofing.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
  for filter in /proc/sys/net/ipv4/conf/*/rp_filter
  do
    echo 1 > $filter
  done
fi
```

steveWinter commented 1 month ago

My recent experience would also suggest this is an issue with Digital Ocean Ubuntu 22.04 LTS instances. This seems to impact protocols other than ssh as well.
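
A read-only check for the setting discussed in this thread (an added example, not code from the role or from the commenters): it lists each interface's current `rp_filter` value and whether the loop quoted above would change the mode the kernel applies. The function names and the optional directory argument are assumptions; the value meanings (0 off, 1 strict, 2 loose) and the rule that the kernel uses the higher of `conf/all` and the per-interface value come from the kernel's ip-sysctl documentation.

```shell
#!/bin/sh
# Added example, not part of ansible-role-firewall: read-only rp_filter audit.
# The directory argument is a hypothetical override so the function can be
# pointed at a copy of the tree; with no argument the live /proc path is read.

# Name an rp_filter value (meanings per the kernel's ip-sysctl documentation).
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# Print one line per interface: current value, effective mode (the kernel
# applies the max of conf/all and conf/<iface>), and whether writing 1 to
# every rp_filter file would change that mode.
# Returns 0 if nothing would change, 1 if something would, 2 if unreadable.
rp_filter_audit() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    [ -e "$root/all/rp_filter" ] || { echo "no rp_filter under $root" >&2; return 2; }
    all=$(cat "$root/all/rp_filter")
    changed=0
    for f in "$root"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        # "all" is folded into the effective value; "default" only seeds new interfaces.
        [ "$iface" = "all" ] && continue
        [ "$iface" = "default" ] && continue
        cur=$(cat "$f")
        eff=$cur
        [ "$all" -gt "$eff" ] && eff=$all
        # After the loop every file holds 1, so the effective value becomes 1.
        if [ "$eff" -ne 1 ]; then
            verdict="CHANGES"
            changed=$((changed + 1))
        else
            verdict="same"
        fi
        echo "$iface current=$cur effective=$(rp_mode_name "$eff") after=strict $verdict"
    done
    [ "$changed" -eq 0 ]
}
```

Calling `rp_filter_audit` with no argument on a host, before the role is applied, shows which interfaces currently run in loose mode and would be moved to strict.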