author | Christian Poessinger <christian@poessinger.com> | 2021-01-17 12:52:36 +0000 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-01-17 12:52:36 +0000 |
commit | 84d79403b7e48ca0000aadd6524320acd2585b05 (patch) | |
tree | b8a2accc57ae932b4b77be111cbd7f93703a9f1f | |
parent | 2e70f4ba742d4a4569bd48afc311f26ef8a5f8e6 (diff) | |
download | vyatta-cfg-system-84d79403b7e48ca0000aadd6524320acd2585b05.tar.gz vyatta-cfg-system-84d79403b7e48ca0000aadd6524320acd2585b05.zip |
T671: sysctl: move file to vyos-1x
-rw-r--r-- | Makefile.am | 1 | ||||
-rwxr-xr-x | debian/vyatta-cfg-system.postinst.in | 4 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 98 |
3 files changed, 1 insertions, 102 deletions
diff --git a/Makefile.am b/Makefile.am
index 1978c90a..25ecd23f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -63,7 +63,6 @@ sysconf_DATA += sysconf/issue.net
 sysconf_DATA += sysconf/motd.tail
 sysconf_DATA += sysconf/rsyslog.conf
 sysconf_DATA += sysconf/securetty
-sysconf_DATA += sysconf/vyatta-sysctl.conf
 sysconf_DATA += sysconf/level
 sysconf_DATA += sysconf/filecaps
 sysconf_DATA += sysconf/capability.conf
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index be73a3ba..d6ea7c53 100755
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -65,9 +65,7 @@ if [ "$sysconfdir" != "/etc" ]; then
 fi
 done
- cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
-
- # Set file capabilities
+ # Set file capabilities
 sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' < $sysconfdir/filecaps | \
 while read capability path; do
 touch -c $path
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
deleted file mode 100644
index e336ddbb..00000000
--- a/sysconf/vyatta-sysctl.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# Vyatta router specific sysctl settings.
-# See sysctl.conf (5) for information.
-#
-
-# Panic on OOPS
-kernel.panic_on_oops=1
-
-# Timeout before rebooting on panic
-kernel.panic=60
-
-# Send all core files to /var/core/core.program.pid.time
-kernel.core_pattern=/var/core/core-%e-%p-%t
-
-# ARP configuration
-# arp_filter - allow multiple network interfaces on same subnet
-# arp_announce - avoid local addresses no on target's subnet
-# arp_ignore - reply only if target IP is local_address on the interface
-
-# arp_filter defaults to 1 so set all to 0 so vrrp interfaces can override it.
-net.ipv4.conf.all.arp_filter=0
-
-# https://phabricator.vyos.net/T300
-net.ipv4.conf.all.arp_ignore=0
-
-net.ipv4.conf.all.arp_announce=2
-
-# Enable packet forwarding for IPv4
-net.ipv4.ip_forward=1
-
-# if a primary address is removed from an interface promote the
-# secondary address if available
-net.ipv4.conf.all.promote_secondaries=1
-
-# Ignore ICMP broadcasts sent to broadcast/multicast
-net.ipv4.icmp_echo_ignore_broadcasts=1
-
-# Ignore bogus ICMP errors
-net.ipv4.icmp_ignore_bogus_error_responses=1
-
-# Send ICMP responses with primary address of exiting interface
-net.ipv4.icmp_errors_use_inbound_ifaddr=1
-
-# Log packets with impossible addresses to kernel log
-net.ipv4.conf.all.log_martians=1
-
-# Do not ignore all ICMP ECHO requests by default
-net.ipv4.icmp_echo_ignore_all=0
-
-# Disable source validation by default
-net.ipv4.conf.all.rp_filter=0
-net.ipv4.conf.default.rp_filter=0
-
-# Enable tcp syn-cookies by default
-net.ipv4.tcp_syncookies=1
-
-# Disable accept_redirects by default for any interface
-net.ipv4.conf.all.accept_redirects=0
-net.ipv4.conf.default.accept_redirects=0
-net.ipv6.conf.all.accept_redirects=0
-net.ipv6.conf.default.accept_redirects=0
-
-# Disable accept_source_route by default
-net.ipv4.conf.all.accept_source_route=0
-net.ipv4.conf.default.accept_source_route=0
-net.ipv6.conf.all.accept_source_route=0
-net.ipv6.conf.default.accept_source_route=0
-
-# Enable send_redirects by default
-net.ipv4.conf.all.send_redirects=1
-
-# Increase size of buffer for netlink
-net.core.rmem_max=2097152
-
-# Enable packet forwarding for IPv6
-net.ipv6.conf.all.forwarding=1
-
-# Increase route table limit
-net.ipv6.route.max_size = 262144
-
-# Do not forget IPv6 addresses when a link goes down
-net.ipv6.conf.default.keep_addr_on_down=1
-net.ipv6.conf.all.keep_addr_on_down=1
-
-# Default value of 20 seems to interfere with larger OSPF and VRRP setups
-net.ipv4.igmp_max_memberships = 512
-
-# Enable conntrack helper by default
-net.netfilter.nf_conntrack_helper=1
-
-# Increase default garbage collection thresholds
-net.ipv4.neigh.default.gc_thresh1 = 1024
-net.ipv4.neigh.default.gc_thresh2 = 4096
-net.ipv4.neigh.default.gc_thresh3 = 8192
-#
-net.ipv6.neigh.default.gc_thresh1 = 1024
-net.ipv6.neigh.default.gc_thresh2 = 4096
-net.ipv6.neigh.default.gc_thresh3 = 8192 |