It was rather unusual request of the client that for no matter which reasons asked me to “shut down the Checkpoint firewall”. What ? “Shutdown, you know, that it just passes the traffic from interface to interface by its routing table no checking , also I need to add few routes on the way, Okay ?” . The allocated downtime was up to few minutes , so I understood that no testing/return back/etc could be done beforehand but did what I knew and it actually worked. Here is the things I changed .
Shutdown Checkpoint with #cpstop . I looked for ways to shutdown the firewall kernel module completely but hadn’t found , so warned the client if someone does restart to the machine all is back again.
The following settings I set in file /etc/sysctl.conf and after saving changes activated them with #sysctl –p
**net.ipv4.conf.default.rp_filter = 0** // Disable RPF checks, for some reason it blocked routed networks and timelimit of 2 minutes didn't allow debug . **net.ipv4.ip_forward = 1** // Enable routing **net.ipv4.conf.default.arp_filter = 0** // Disable ARp filtering , meaningful with networks that are reachable through multiple interfaces , while it wasn't the case just to make sure. **net.ipv4.conf.all.arp_filter = 0**
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.