authorMohit Mehta <mohit.mehta@vyatta.com>2009-02-24 18:36:18 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2009-02-24 18:36:18 -0800
commitb95709587c7e34d1312c0563a76461cd625156d3 (patch)
tree0ebadaf6efd8d677237250cfa9a972ab212dcaec
parent98a126d1df8f05668dd3f2d68d64e23c92168dd9 (diff)
set default values for ipv6 accept_redirects and accept_source_route
-rwxr-xr-xscripts/rl-system.init22
-rw-r--r--sysconf/vyatta-sysctl.conf6
2 files changed, 28 insertions, 0 deletions
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 5a042c73..a568bfa7 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -134,6 +134,27 @@ create_ssh_host_keys () {
fi;
}
+set_ipv6_params ()
+{
+ # default values for ipv6 parameters do not take effect for interfaces at boot
+ # time, so copy over default values to their interface specific parameter
+ ipv6_params=(accept_source_route accept_redirects)
+ num_ipv6_params=${#ipv6_params[*]}
+ i=0
+ while [ $i -lt $num_ipv6_params ]; do
+ default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}`
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ j=0
+ while [ $j -lt $array_len ]; do
+ sudo sh -c "echo $default_val > \
+ /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}"
+ let j++
+ done
+ let i++
+ done
+}
+
start () {
udev_rescan
create_ssh_host_keys || \
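Review bot: In `set_ipv6_params` the directory names read from `/proc/sys/net/ipv6/conf/` are expanded unquoted inside the `sudo sh -c "echo … > …"` string, so a name containing shell metacharacters would be interpreted by that privileged shell instead of being treated as a path. The list also comes from word-splitting `ls` output, a failed `cat` leaves `default_val` empty and it is still written, and `ipv6_params`, `array`, `i`, `j` and `default_val` all become globals of the init script. I would iterate with a glob, pass the path as a quoted argument to `sudo tee` (or use a plain redirect if the script already runs as root, which the hunk does not show), and report failed writes with `log_failure_msg` as the neighbouring steps in `start` do.

```shell
set_ipv6_params ()
{
    # … unchanged: comment explaining why defaults are copied per interface …
    local param default_val conf_dir
    for param in accept_source_route accept_redirects; do
        # skip the parameter if the default cannot be read, so an empty value is never written
        default_val=$(cat "/proc/sys/net/ipv6/conf/default/$param") || continue
        for conf_dir in /proc/sys/net/ipv6/conf/*/; do
            [ -e "${conf_dir}${param}" ] || continue
            printf '%s\n' "$default_val" | sudo tee "${conf_dir}${param}" >/dev/null ||
                log_failure_msg "can't set ipv6 $param in $conf_dir"
        done
    done
}
```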
@@ -144,6 +165,7 @@ start () {
log_failure_msg "can\'t add serial interfaces"
sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf ||
log_failure_msg "can\'t configure kernel settings"
+ set_ipv6_params
update_version_info
## Clear out apt config file--it will be filled in by rtrmgr
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index f1265e3b..24dce03a 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -54,3 +54,9 @@ net.ipv4.conf.all.accept_source_route=0
# Enable send_redirects by default
net.ipv4.conf.all.send_redirects=1
+
+# Disable ipv6 accept_source_route by default
+net.ipv6.conf.default.accept_source_route=-1
+
+# Disable ipv6 accept_redirects by default
+net.ipv6.conf.default.accept_redirects=0
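Review bot: The `-1` on `net.ipv6.conf.default.accept_source_route` needs a word of explanation, because the IPv4 setting just above uses `0` to disable and a later editor may "normalise" the IPv6 value to match. For IPv6 a value of `0` still accepts type 2 routing headers and only a negative value drops routing headers altogether, so I would extend the comment to `# Disable ipv6 accept_source_route by default (-1 drops all routing headers; 0 would still accept type 2)`. It would also help to note here that these `default` keys only reach interfaces created after the file is loaded, and that existing interfaces depend on `set_ipv6_params` in `scripts/rl-system.init`.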