diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-01-19 16:47:21 -0800 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-01-19 17:00:30 -0800 |
| commit | 6eb5483bb5bba3cb4efcc8d306724840c80ccb33 (patch) | |
| tree | 5b7de62d67772fa94c65f4e4af51eeca38ed8af3 /sysconf/vyatta-sysctl.conf | |
| parent | 153a88d6cee7ae03a36b8b121dbac523bce0acdd (diff) | |
| download | vyatta-cfg-system-6eb5483bb5bba3cb4efcc8d306724840c80ccb33.tar.gz vyatta-cfg-system-6eb5483bb5bba3cb4efcc8d306724840c80ccb33.zip | |
Change how IPV4/IPV6 configuration values are done
1. Move vyatta-sysctl.conf from rl-system.init to procps
This makes configuration happen early (before networking)
2. Do IPV6 configuration for address_flush in rl-system.init
(after IPV6 is loaded)
3. Cleanup shell code for ipv6_params:
* no sudo needed in startup scripts
* use cleaner iteration
Diffstat (limited to 'sysconf/vyatta-sysctl.conf')
| -rw-r--r-- | sysconf/vyatta-sysctl.conf | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 01d2f390..928cd6fb 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -9,12 +9,13 @@ kernel.panic_on_oops=1 # Timeout before rebooting on panic kernel.panic=60 -# Only answer ARP requests on same subnet -net.ipv4.conf.default.arp_filter=1 -net.ipv4.conf.default.arp_ignore=1 - -# avoid local addresses that are not in the target's subnet for this interface -net.ipv4.conf.default.arp_announce=1 +# ARP configuration +# arp_filter - allow multiple network interfaces on same subnet +# arp_announce - avoid local addresses no on target's subnet +# arp_ignore - reply only if target IP is local_address on the interface +net.ipv4.conf.all.arp_filter=1 +net.ipv4.conf.all.arp_ignore=1 +net.ipv4.conf.all.arp_announce=1 # Enable packet forwarding for IPv4 net.ipv4.ip_forward=1 @@ -40,6 +41,7 @@ net.ipv4.icmp_echo_ignore_all=0 # Disable source validation by default net.ipv4.conf.all.rp_filter=0 +net.ipv4.conf.default.rp_filter=0 # Enable tcp syn-cookies by default net.ipv4.tcp_syncookies=1 @@ -48,10 +50,12 @@ net.ipv4.tcp_syncookies=1 net.ipv4.conf.all.accept_redirects=0 # Disable accept_redirects by default for any interface +net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 # Disable accept_source_route by default net.ipv4.conf.all.accept_source_route=0 +net.ipv4.conf.default.accept_source_route=0 # Enable send_redirects by default net.ipv4.conf.all.send_redirects=1 @@ -60,13 +64,3 @@ net.ipv4.conf.all.send_redirects=1 # Enable packet forwarding for IPv6 net.ipv6.conf.all.forwarding=1 - -# Disable ipv6 accept_source_route by default -net.ipv6.conf.default.accept_source_route=-1 - -# Disable ipv6 accept_redirects by default -net.ipv6.conf.default.accept_redirects=0 - -# Keep address when interface goes down -net.ipv6.conf.default.address_flush=0 - |