Diffstat (limited to 'sysconf/vyatta-sysctl.conf')
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 01d2f390..928cd6fb 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -9,12 +9,13 @@ kernel.panic_on_oops=1
 # Timeout before rebooting on panic
 kernel.panic=60
-# Only answer ARP requests on same subnet
-net.ipv4.conf.default.arp_filter=1
-net.ipv4.conf.default.arp_ignore=1
-
-# avoid local addresses that are not in the target's subnet for this interface
-net.ipv4.conf.default.arp_announce=1
+# ARP configuration
+# arp_filter - allow multiple network interfaces on same subnet
+# arp_announce - avoid local addresses no on target's subnet
+# arp_ignore - reply only if target IP is local_address on the interface
+net.ipv4.conf.all.arp_filter=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.conf.all.arp_announce=1
 # Enable packet forwarding for IPv4
 net.ipv4.ip_forward=1
@@ -40,6 +41,7 @@ net.ipv4.icmp_echo_ignore_all=0
 # Disable source validation by default
 net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
 # Enable tcp syn-cookies by default
 net.ipv4.tcp_syncookies=1
@@ -48,10 +50,12 @@ net.ipv4.tcp_syncookies=1
 net.ipv4.conf.all.accept_redirects=0
 # Disable accept_redirects by default for any interface
+net.ipv4.conf.all.accept_redirects=0
 net.ipv4.conf.default.accept_redirects=0
 # Disable accept_source_route by default
 net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.default.accept_source_route=0
 # Enable send_redirects by default
 net.ipv4.conf.all.send_redirects=1
@@ -60,13 +64,3 @@ net.ipv4.conf.all.send_redirects=1
 # Enable packet forwarding for IPv6
 net.ipv6.conf.all.forwarding=1
-
-# Disable ipv6 accept_source_route by default
-net.ipv6.conf.default.accept_source_route=-1
-
-# Disable ipv6 accept_redirects by default
-net.ipv6.conf.default.accept_redirects=0
-
-# Keep address when interface goes down
-net.ipv6.conf.default.address_flush=0
- |
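Review bot: The added ARP comment block in the first hunk has a typo, and it lists the keys in a different order from the three settings below it; `# arp_announce - avoid local addresses no on target's subnet` should read `not on`. Moving the keys from `default` to `all` also changes how they can be overridden: the kernel combines `all` with the per-interface value (logical OR for arp_filter, maximum for arp_ignore and arp_announce), so an individual interface can no longer be set back to 0. If that is intended, a line such as `# set on 'all': per-interface values can raise these but not lower them` would record it next to the settings.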
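Review bot: With `net.ipv4.conf.default.rp_filter=0` added beside the existing `all` line in the second hunk, reverse-path filtering is off on every interface, including ones created later, and the comment `# Disable source validation by default` does not say what takes its place. The kernel uses the maximum of `all` and the per-interface value, so packets with spoofed source addresses are dropped only where rp_filter is raised on that interface or a firewall rule does the check. Whether this configuration provides either is not visible in this hunk. Suggest extending the comment, for example `# rp_filter is off for existing and new interfaces; anti-spoofing must come from per-interface rp_filter or firewall rules`.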
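Review bot: The added `net.ipv4.conf.all.accept_redirects=0` under `# Disable accept_redirects by default for any interface` in the third hunk repeats the identical context line at the top of the same hunk, so the key is now set twice. Keep one of the two; the comment that belongs to the earlier line lies above the hunk and is not visible here. Separately, the last hunk removes the IPv6 lines `net.ipv6.conf.default.accept_source_route=-1` and `net.ipv6.conf.default.accept_redirects=0` while the IPv4 `default.*` hardening is being added. New IPv6 interfaces then fall back to kernel defaults unless those keys are set elsewhere, which this page does not show.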