diff options
author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-24 18:36:18 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-24 18:36:18 -0800 |
commit | b95709587c7e34d1312c0563a76461cd625156d3 (patch) | |
tree | 0ebadaf6efd8d677237250cfa9a972ab212dcaec | |
parent | 98a126d1df8f05668dd3f2d68d64e23c92168dd9 (diff) | |
download | vyatta-cfg-system-b95709587c7e34d1312c0563a76461cd625156d3.tar.gz vyatta-cfg-system-b95709587c7e34d1312c0563a76461cd625156d3.zip |
set default values for ipv6 accept_redirects and accept_source_route
-rwxr-xr-x | scripts/rl-system.init | 22 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 6 |
2 files changed, 28 insertions, 0 deletions
diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 5a042c73..a568bfa7 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -134,6 +134,27 @@ create_ssh_host_keys () { fi; } +set_ipv6_params () +{ + # default values for ipv6 parameters do not take effect for interfaces at boot + # time, so copy over default values to their interface specific parameter + ipv6_params=(accept_source_route accept_redirects) + num_ipv6_params=${#ipv6_params[*]} + i=0 + while [ $i -lt $num_ipv6_params ]; do + default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}` + array=(`ls /proc/sys/net/ipv6/conf/`) + array_len=${#array[*]} + j=0 + while [ $j -lt $array_len ]; do + sudo sh -c "echo $default_val > \ + /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}" + let j++ + done + let i++ + done +} + start () { udev_rescan create_ssh_host_keys || \ @@ -144,6 +165,7 @@ start () { log_failure_msg "can\'t add serial interfaces" sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf || log_failure_msg "can\'t configure kernel settings" + set_ipv6_params update_version_info ## Clear out apt config file--it will be filled in by rtrmgr diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index f1265e3b..24dce03a 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -54,3 +54,9 @@ net.ipv4.conf.all.accept_source_route=0 # Enable send_redirects by default net.ipv4.conf.all.send_redirects=1 + +# Disable ipv6 accept_source_route by default +net.ipv6.conf.default.accept_source_route=-1 + +# Disable ipv6 accept_redirects by default +net.ipv6.conf.default.accept_redirects=0 |