networking.firewall.checkReversePath

Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused.

If using asymmetric routing or other complicated routing, set this option to loose mode or disable it and set up your own counter-measures.

This option can be either true (or "strict"), "loose" (only drop the packet if the source address is not reachable via any interface) or false.

Type
boolean or one of "strict", "loose"
Default

true except if the iptables based firewall is in use and the kernel lacks rpfilter support

Example
"loose"
Declared
<nixpkgs/nixos/modules/services/networking/firewall.nix>
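
The difference between the three settings described above, as an added example that is not code from nixpkgs or the kernel: a simplified Python model of the reverse path decision using a single longest-prefix lookup. The routing table, interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a multi-homed host with no default route
# (assumed sample data): (destination prefix, outgoing interface).
ROUTES = [
    ("10.0.0.0/8", "lan0"),
    ("198.51.100.0/24", "wan0"),
    ("192.0.2.0/24", "wan1"),
]


def lookup(routes, addr):
    """Longest-prefix match: interface a reply to addr would leave on, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rp_filter(mode, routes, src, in_iface):
    """Return True if a packet from src arriving on in_iface is accepted.

    mode mirrors the option's values: True or "strict", "loose", or False.
    """
    if mode is False:
        return True                      # check disabled
    reply_iface = lookup(routes, src)
    if reply_iface is None:
        return False                     # source unreachable: refused in both modes
    if mode == "loose":
        return True                      # reachable via some interface is enough
    if mode is True or mode == "strict":
        return reply_iface == in_iface   # reply must leave via the arrival interface
    raise ValueError(f"unsupported mode: {mode!r}")


def compare(src, in_iface, routes=ROUTES):
    """Verdict for one packet under each mode, keyed by mode name."""
    return {name: rp_filter(mode, routes, src, in_iface)
            for name, mode in (("strict", "strict"), ("loose", "loose"), ("false", False))}


if __name__ == "__main__":
    # An asymmetric path: the source is routed via wan1 but the packet arrives on wan0.
    print(compare("192.0.2.10", "wan0"))
    # A source address with no route at all.
    print(compare("203.0.113.5", "wan0"))
```

The first packet is the asymmetric-routing case the description warns about: strict mode refuses it while loose mode accepts it.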