What's the recommended way to configure IP rules with
mark in OpenWrt to avoid the reverse path filter (rpfilter) blocking traffic?
Often the rpfilter will block (response) traffic when you use IP rules with mark. That's because rpfilter won't respect the firewall mark unless enabled with
net.ipv4.conf.<IFACE>.src_valid_mark=1. In this case you also need to save and restore the firewall mark, and make sure packets can be forwarded correctly in both directions with the mark set.
It's also possible to disable rpfilter globally in
But how can it be done on a single interface such as a GRE tunnel?
The current documentation doesn't seem to mention rp_filter and src_valid_mark.