@bonnietwin I take the offer
Purpose: changing RPF from strict to relaxed when my web server issues a certbot renew
(see Reverse Path Filtering prevents certbot renewal using HTTP-1 acme-challenge - #2 by cfusco for context).
I followed your tutorial almost to the letter, with the purpose to execute a script that sets RPF to 2 and then after 15 minutes reverts it to the default. During that window, my webserver is free to issue a certbot renew command.
This is the fcrontab for the fcronuser:
0 0 * * 7 "sudo /home/cfusco/bin/rpf.sh 2"
15 0 * * 7 "sudo /home/cfusco/bin/rpf.sh 1"
This is the script it calls:
#!/bin/bash
###########################################################
# set strictness of Reverse Path Filtering; see RFC 3704, #
# section 2.2: 1, RPF strict; 2, RPF relaxed              #
###########################################################

###### Initialization steps ######
LOG="/home/cfusco/bin/log_RPF.txt"
exec 1>>"$LOG" 2>&1   # write stdout to $LOG, stderr goes to stdout
level=$1              # 1 for strict or 2 for relaxed

##### Functions ######
function run() {      # wrapper call for error handling, spins a subshell
    cmd_output=$(eval $1)
    return_value=$?
    [[ $return_value != 0 ]] && echo "Command $1 failed" && echo -e "${cmd_output}" \
        || echo -e "* $1 Output:\n${cmd_output}" "\nCommand $1 succeeded."
    return $return_value
}

function logDate() {  # log a time stamped message
    date=$(date '+%Y-%m-%d %H:%M:%S')
    echo -e "\n---\n" "$date" ": $1 \n---"
}

function changeRPF() {  # change RPF value
    if [[ $level == 1 || $level == 2 ]]; then
        sysctl net.ipv4.conf.default.rp_filter=$level
        sysctl net.ipv4.conf.all.rp_filter=$level
    else
        echo "either 1 or 2, instead you entered: "$level
        return -1
    fi
}

##### Main Routine ######
logDate "Changing RPF strictness"
run "changeRPF"
The error I got in the logs is:
---
2022-09-11 00:00:00 : Changing RPF strictness
---
/home/cfusco/bin/rpf.sh: line 29: sysctl: command not found
/home/cfusco/bin/rpf.sh: line 30: sysctl: command not found
* changeRPF Output:
Command changeRPF failed.
---
2022-09-11 00:15:00 : Changing RPF strictness
---
/home/cfusco/bin/rpf.sh: line 29: sysctl: command not found
/home/cfusco/bin/rpf.sh: line 30: sysctl: command not found
* changeRPF Output:
Command changeRPF failed.
Do you have any idea why, when executing the script, fcronuser cannot find sysctl? It's not a matter of permission, because if I run the command as user cfusco, I get
---
2022-09-11 11:27:53 : Changing RPF strictness
---
sysctl: permission denied on key "net.ipv4.conf.default.rp_filter"
sysctl: permission denied on key "net.ipv4.conf.all.rp_filter"
Command changeRPF failed
I am lost here.
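An added example, not part of the post above: a variant of rpf.sh that does not rely on the caller's PATH containing /sbin or /usr/sbin (a cron daemon, and sudo with secure_path, commonly hand a script a minimal PATH, which is one reason a shell reports "command not found" for a binary that is installed), validates the level and checks for root before writing to the kernel. The search directories, the function names and the exit codes are my own choices.

```shell
#!/bin/sh
# Added example, not the poster's script: locate sysctl explicitly instead of
# trusting the inherited PATH, validate input, refuse to run unprivileged.
# rp_filter values per RFC 3704 section 2.2: 1 = strict, 2 = loose (relaxed).

# Search the given directories (default: the usual sbin/bin locations) for
# an executable sysctl. Prints its path and returns 0, or returns 1.
find_sysctl() {
    dirs="${1:-/usr/sbin /sbin /usr/bin /bin}"
    for d in $dirs; do
        if [ -x "$d/sysctl" ]; then
            printf '%s\n' "$d/sysctl"
            return 0
        fi
    done
    return 1
}

# Accept only 1 (strict) or 2 (relaxed).
valid_level() {
    [ "$1" = 1 ] || [ "$1" = 2 ]
}

# Apply the level to both rp_filter keys the original script sets.
# Exit codes: 2 bad argument, 127 sysctl missing, 1 not root or sysctl failed.
change_rpf() {
    level="$1"
    if ! valid_level "$level"; then
        echo "rpf: level must be 1 (strict) or 2 (relaxed), got: '$level'" >&2
        return 2
    fi
    if ! sysctl_bin=$(find_sysctl); then
        echo "rpf: sysctl not found in /usr/sbin:/sbin:/usr/bin:/bin" >&2
        return 127
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "rpf: must be root to write net.ipv4.conf.*.rp_filter" >&2
        return 1
    fi
    "$sysctl_bin" -w "net.ipv4.conf.default.rp_filter=$level" &&
        "$sysctl_bin" -w "net.ipv4.conf.all.rp_filter=$level"
}

# Act only when a level is passed on the command line, e.g. ./rpf.sh 2
if [ $# -gt 0 ]; then
    change_rpf "$1"
fi
```

Because the script prints a distinct message and exit code for each failure, the fcron log then says whether the binary was missing, the caller was unprivileged, or the kernel rejected the write.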