{
# Set up sysctl.conf for ipsec
# need a check on release version as v8 needs
# net.core.xfrm_larval_drop = 1
#  $configDB->get_prop( 'sysconfig', 'ReleaseVersion' ) eq 'v8/v9'

use strict;
use warnings;
use esmith::ConfigDB;

my $configDB = esmith::ConfigDB->open or die("can't open Config DB");

    if ( $configDB->get_prop( 'ipsec', 'status' ) eq 'enabled' ) {

        $OUT .= <<CONFIG_END
# Ipsec overrides
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.dummy0.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0

CONFIG_END
    }
}
