diff --git a/image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf b/image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
deleted file mode 100644
index 715ce12a2..000000000
--- a/image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# See https://github.com/cilium/cilium/issues/10645
-net.ipv4.conf.lxc*.rp_filter = 0
-net.ipv4.conf.cilium_*.rp_filter = 0
diff --git a/image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf b/image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf
new file mode 100644
index 000000000..da7361c0d
--- /dev/null
+++ b/image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf
@@ -0,0 +1,8 @@
+# See https://github.com/cilium/cilium/issues/10645
+# and https://github.com/cilium/cilium/blame/898a632e3c3b64eaa0f23ebde5a069e87373c59b/tools/sysctlfix/main.go#L41
+# Disable rp_filter on Cilium interfaces since it may cause mangled packets to be dropped
+-net.ipv4.conf.lxc*.rp_filter = 0
+-net.ipv4.conf.cilium_*.rp_filter = 0
+# The kernel uses max(conf.all, conf.{dev}) as its value, so we need to set .all. to 0 as well.
+# Otherwise it will overrule the device specific settings.
+net.ipv4.conf.all.rp_filter = 0
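Review bot: The final line of the new 99-zzz-override_cilium.conf, `net.ipv4.conf.all.rp_filter = 0`, changes reverse-path filtering for every interface on the node, not just the `lxc*` and `cilium_*` ones. With `.all.` at 0, source-address validation on the uplink and any other non-Cilium interface depends entirely on that interface's own per-device value, and this file neither sets nor mentions it. Whether another sysctl.d file in the image pins `net.ipv4.conf.default.rp_filter` or the per-device keys is not visible in this diff, so that should be confirmed before relying on it. I would record the trade-off next to the setting, for example `# NOTE: with .all. at 0, rp_filter on non-Cilium interfaces is governed only by their per-device value; keep that set to 1 or 2 elsewhere in the image.` The leading `-` on the two glob keys makes a failed write silent, which also deserves a one-line comment so a missing override is not mistaken for an applied one.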