blob: d00147459bfc0448817f311c21ac7cee35cb9caa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#!/bin/sh
cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh
>/etc/pam_radius_auth.conf
update_sysctl_conf ()
{
var=$1
val=$2
comment=$3
sysctl_conf=/etc/sysctl.conf
if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then
sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf
elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then
sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf
else
cat <<-EOF >> $sysctl_conf
# $comment
$var = $val
EOF
fi
}
update_sysctl_conf kernel.printk "4 4 1 7" \
"the following stops low-level messages on console"
update_sysctl_conf net.ipv4.conf.all.promote_secondaries 1 \
"promote secondaries with removal of primary address"
update_sysctl_conf net.ipv4.ip_forward 1 \
"enable ipv4 forwarding"
# FIXME! need to load or staticly link ipv6 module before adding this.
# update_sysctl_conf net.ipv6.conf.all.forwarding 1 \
# "enable ipv6 forwarding"
update_sysctl_conf net.core.rmem_max 223232 \
"maximize netlink buffers"
update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \
"disable IPv4 ICMP redirects"
update_sysctl_conf net.ipv4.conf.default.send_redirects 0 \
"disable IPv4 ICMP redirects"
# Local Variables:
# mode: shell-script
# sh-indentation: 4
# End:
|