authorStig Thormodsrud <stig@vyatta.com>2010-01-19 17:01:49 -0800
committerStig Thormodsrud <stig@vyatta.com>2010-01-19 17:01:49 -0800
commit87f79c9d17a9295e8a890576cb0d8442a3711546 (patch)
tree57d31e77e2e0a9e544b6a2c6a014667f4318cd73
parentdfcecc70a00da8d70f9e4b7d365385a9b5212070 (diff)
parent6feb00807447d77299236a758f76c134f2b30f5b (diff)
Merge branch 'kenwood' of http://git.vyatta.com/vyatta-cfg-system into kenwood
-rw-r--r--debian/changelog13
-rw-r--r--debian/vyatta-cfg-system.postinst.in2
-rwxr-xr-xscripts/rl-system.init30
-rw-r--r--sysconf/vyatta-sysctl.conf26
4 files changed, 35 insertions, 36 deletions
diff --git a/debian/changelog b/debian/changelog
index ffabf34f..fff93718 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+vyatta-cfg-system (0.16.18) unstable; urgency=low
+
+ [ Stephen Hemminger ]
+ * Restrict radius-server timeout value
+
+ [ Robert Bays ]
+ * fix bug 5226: Hostname does not allow number as first char
+
+ [ Stephen Hemminger ]
+ * Change how IPV4/IPV6 configuration values are done
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 19 Jan 2010 17:00:39 -0800
+
vyatta-cfg-system (0.16.17) unstable; urgency=low
* Fix snmp trap-source
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index c2b374c8..1e77d69d 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -129,6 +129,8 @@ EOF
# Install pamradius config (should come with radius client eventually)
cp $sysconfdir/pam_radius.cfg /usr/share/pam-configs/radius
+
+ cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
fi
if [ "$sysconfdir" != "/opt/vyatta/etc" ]; then
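Review bot: The added `cp` has no failure handling and leaves `$sysconfdir` unquoted, yet after this commit it appears to be the only step that puts the router's kernel settings in place. The rl-system.init hunk in this same commit removes the `sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf` call together with its `log_failure_msg`, so if the copy fails, or /etc/sysctl.d is not processed at boot, settings such as `accept_redirects=0` and `tcp_syncookies=1` would silently stay at kernel defaults. I would write `cp "$sysconfdir/vyatta-sysctl.conf" /etc/sysctl.d/30-vyatta-router.conf || echo "cannot install vyatta sysctl settings" >&2`, unless the script already runs under `set -e`, which is not visible here. The enclosing `if` block starts outside the hunk.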
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index ee113ff6..d37e651c 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -137,29 +137,19 @@ create_ssh_host_keys () {
set_ipv6_params ()
{
- # default values for ipv6 parameters do not take effect for interfaces at
- # boot time, so copy over default values to their interface specific
- # parameter
-
+ # diffcult to set new default values for IPV6 earlier
if [ ! -d /proc/sys/net/ipv6 ]; then
# Skip it if IPv6 is not loaded
return
fi
- ipv6_params=(accept_source_route accept_redirects)
- num_ipv6_params=${#ipv6_params[*]}
- i=0
- while [ $i -lt $num_ipv6_params ]; do
- default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}`
- array=(`ls /proc/sys/net/ipv6/conf/`)
- array_len=${#array[*]}
- j=0
- while [ $j -lt $array_len ]; do
- sudo sh -c "echo $default_val > \
- /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}"
- let j++
- done
- let i++
+ # These values all should be disabled
+ for p in accept_source_route accept_redirects address_flush
+ do
+ for d in /proc/sys/net/ipv6/conf/*
+ do
+ echo 0 > $d/$p
+ done
done
}
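Review bot: Writing `0` to `accept_source_route` in the new loop does not disable IPv6 source routing, so the comment `# These values all should be disabled` is wrong for that parameter. The kernel's ip-sysctl documentation describes values >= 0 for `net.ipv6.conf.*.accept_source_route` as "accept only routing header type 2" and only negative values as "do not accept routing header", and the sysctl.conf line deleted by this same commit set it to `-1`; the new code is therefore looser than what it replaces. The write `echo 0 > $d/$p` is also unquoted and unguarded, so a kernel that lacks one of the three files (`address_flush` does not look like a mainline sysctl) would print an error for every interface at boot. I would give `accept_source_route` its own value and test each file before writing, as below, and fix the `diffcult` typo in the first comment.

```shell
    # … unchanged: early return when /proc/sys/net/ipv6 is missing …

    # accept_source_route: a negative value means "do not accept routing
    # header"; 0 would still accept type 2. The others are disabled with 0.
    for d in /proc/sys/net/ipv6/conf/*
    do
        if [ -w "$d/accept_source_route" ]; then
            echo -1 > "$d/accept_source_route"
        fi
        for p in accept_redirects address_flush
        do
            if [ -w "$d/$p" ]; then
                echo 0 > "$d/$p"
            fi
        done
    done
```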
@@ -188,10 +178,10 @@ start () {
setup_ntp_config_file
add_new_serial_if || \
log_failure_msg "can\'t add serial interfaces"
- sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf ||
- log_failure_msg "can\'t configure kernel settings"
+
set_ipv6_params
pam_reset
+
update_version_info
## Clear out apt config file--it will be filled in by rtrmgr
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 01d2f390..928cd6fb 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -9,12 +9,13 @@ kernel.panic_on_oops=1
# Timeout before rebooting on panic
kernel.panic=60
-# Only answer ARP requests on same subnet
-net.ipv4.conf.default.arp_filter=1
-net.ipv4.conf.default.arp_ignore=1
-
-# avoid local addresses that are not in the target's subnet for this interface
-net.ipv4.conf.default.arp_announce=1
+# ARP configuration
+# arp_filter - allow multiple network interfaces on same subnet
+# arp_announce - avoid local addresses no on target's subnet
+# arp_ignore - reply only if target IP is local_address on the interface
+net.ipv4.conf.all.arp_filter=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.conf.all.arp_announce=1
# Enable packet forwarding for IPv4
net.ipv4.ip_forward=1
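Review bot: Moving the three ARP keys from `conf.default` to `conf.all` changes more than the scope of a default, and the new comment block does not say so. As far as the kernel's ip-sysctl documentation goes, `arp_ignore` and `arp_announce` take the higher of the `all` and per-interface values and `arp_filter` is on when either is set, so with `all=1` no interface can be configured below 1, and `conf.default` is no longer set at all. I would add a line such as `# set on "all": applies to every interface and cannot be lowered per interface`, and fix the typo in `# arp_announce - avoid local addresses no on target's subnet` (`no` should be `not`).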
@@ -40,6 +41,7 @@ net.ipv4.icmp_echo_ignore_all=0
# Disable source validation by default
net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
# Enable tcp syn-cookies by default
net.ipv4.tcp_syncookies=1
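Review bot: The comment `# Disable source validation by default` does not say why reverse-path filtering is off, and the added `net.ipv4.conf.default.rp_filter=0` extends that choice to every interface created later. With `rp_filter=0` the kernel does not drop packets whose source address fails the reverse-path check, so any spoofed-source filtering has to come from firewall rules; presumably this is deliberate for a router with asymmetric paths. I would extend the comment, for example `# rp_filter off (asymmetric routing); anti-spoofing must be done by firewall rules`, with the wording confirmed by the author.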
@@ -48,10 +50,12 @@ net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_redirects=0
# Disable accept_redirects by default for any interface
+net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
# Disable accept_source_route by default
net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.default.accept_source_route=0
# Enable send_redirects by default
net.ipv4.conf.all.send_redirects=1
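Review bot: The added `net.ipv4.conf.all.accept_redirects=0` repeats a key that is already set on the context line just above the `# Disable accept_redirects by default for any interface` comment, so the file now sets it twice. That is harmless at load time, but a later edit to one copy would be silently overridden by the other; I would drop the added line. The other addition in this hunk, `net.ipv4.conf.default.accept_source_route=0`, fits its comment, since for IPv4 the value 0 does disable source routing.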
@@ -60,13 +64,3 @@ net.ipv4.conf.all.send_redirects=1
# Enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1
-
-# Disable ipv6 accept_source_route by default
-net.ipv6.conf.default.accept_source_route=-1
-
-# Disable ipv6 accept_redirects by default
-net.ipv6.conf.default.accept_redirects=0
-
-# Keep address when interface goes down
-net.ipv6.conf.default.address_flush=0
-