---
title: "How to set up rp_filter on a Linux xNIC"
slug: "how-to-set-up-rp-filters-on-a-xnic"
updated: 2025-12-23T14:49:20Z
published: 2025-12-23T14:49:20Z
canonical: "docs.swxtch.io/how-to-set-up-rp-filters-on-a-xnic"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.swxtch.io/llms.txt
> Use this file to discover all available pages before exploring further.

# How to set up rp_filter on a Linux xNIC

> [!NOTE]
> **WHAT TO EXPECT**
> 
> **In this article**, users will learn how to change the rp_filter parameter on the xNIC configuration.

The rp_filter (or reverse path filtering) is a security feature that prevents IP address spoofing. It does so by validating whether incoming network packets arrive on an interface that could be used to route traffic back to the packet's source IP address.

During xNIC installation, the Linux rp_filter is set to loose mode by default at runtime. This allows for the xNIC to work on asymmetric networks, meaning that it can receive packets from machines outside of its subnet if the source is routable.

Although [swXtch.io](http://swXtch.io) does not recommend doing this, users can opt out of this configuration by navigating to the swx-xnic-config.json file after completing the xNIC installation process. This file can be found in /var/opt/swxtch/swx-xnic-config.json. To edit the file, use any editor, like nano, as shown below:

```shell
sudo nano /var/opt/swxtch/swx-xnic-config.json
```

Next to "overrideSrcIP" in the JSON file, change the parameter to `true`. Save the file and restart the xNIC VM. This will set the rp_filter back to the original mode and will remain like that for future reboots. Note that this means our software will do source network address translation on incoming packets.

Contact [support](mailto:support@swxtch.io) if you need more information regarding this configuration.