#!/bin/sh

cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh
>/etc/pam_radius_auth.conf

update_sysctl_conf ()
{
    var=$1
    val=$2
    comment=$3
    sysctl_conf=/etc/sysctl.conf

    if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then
	sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf
    elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then
	sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf
    else
	cat <<-EOF >> $sysctl_conf

	# $comment
	$var = $val
	EOF
    fi
}

update_sysctl_conf kernel.printk "4 4 1 7" \
    "the following stops low-level messages on console"
update_sysctl_conf net.ipv4.conf.all.promote_secondaries 1 \
    "promote secondaries with removal of primary address"
update_sysctl_conf net.ipv4.ip_forward 1 \
    "enable ipv4 forwarding"
# FIXME! need to load or staticly link ipv6 module before adding this.
# update_sysctl_conf net.ipv6.conf.all.forwarding 1 \
#    "enable ipv6 forwarding"
update_sysctl_conf net.core.rmem_max 223232 \
    "maximize netlink buffers"
update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \
    "disable IPv4 ICMP redirects"
update_sysctl_conf net.ipv4.conf.default.send_redirects 0 \
    "disable IPv4 ICMP redirects"

# Local Variables:
# mode: shell-script
# sh-indentation: 4
# End: