-rw-r--r-- | Makefile.am | 1 | ||||
-rwxr-xr-x | scripts/rl-system.init | 17 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 23 |
3 files changed, 26 insertions, 15 deletions
diff --git a/Makefile.am b/Makefile.am
index 9e35f778..1af11a16 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -38,6 +38,7 @@ sysconf_DATA += sysconf/logrotate_messages
 sysconf_DATA += sysconf/motd.tail
 sysconf_DATA += sysconf/syslog.conf
 sysconf_DATA += sysconf/default_ssh
+sysconf_DATA += sysconf/vyatta-sysctl.conf
 libudev_SCRIPTS = scripts/vyatta_net_name
 etcudev_DATA = sysconf/vyatta-net.rules
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 5b81a4fd..a3a49aa3 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -78,21 +78,6 @@ add_new_serial_if () {
 fi
 }
-proc_flags ()
-{
- # reset_promiscous_arp_response
- echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter
- # set_ip_forwarding
- echo 1 > /proc/sys/net/ipv4/ip_forward
-
- # if a primary address is removed from an interface promote and
- # secondary available
- echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries
-
- # set maximum rmem_max to accomodate netlink buffers
- echo 1048576 > /proc/sys/net/core/rmem_max
-}
-
 ## Update the version information
 update_version_info () {
 if [ -f ${vyatta_sysconfdir}/version.master ]; then
@@ -157,6 +142,8 @@ start () {
 log_failure_msg "can\'t set reboot on panic"
 add_new_serial_if || \
 log_failure_msg "can\'t add serial interfaces"
+ sysctl -q -p /etc/vyatta-sysctl.conf ||
+ log_failure_msg "can\'t configure kernel settings"
 update_version_info
 clear_apt_config
 add_snmp_stats_module
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
new file mode 100644
index 00000000..73c4c8ff
--- /dev/null
+++ b/sysconf/vyatta-sysctl.conf
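Review bot: The added `sysctl -q -p /etc/vyatta-sysctl.conf` in start() hard-codes /etc, while Makefile.am installs the file through `sysconf_DATA` and this script resolves other paths with `${vyatta_sysconfdir}` (see the `version.master` test in the first hunk's context). If the package's sysconfdir is not /etc, the load fails and the router comes up without ip_forward, arp_filter, promote_secondaries and the ICMP settings, with only a log_failure_msg line to show for it. I would write `sysctl -q -p ${vyatta_sysconfdir}/vyatta-sysctl.conf ||`, assuming that variable names the directory sysconf_DATA installs into. start() begins and ends outside the hunk.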
@@ -0,0 +1,23 @@
+#
+# Vyatta router specific sysctl settings.
+# See sysctl.conf (5) for information.
+#
+
+# Only answer ARP requests on same subnet
+net.ipv4.conf.default.arp_filter=1
+
+# Enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# if a primary address is removed from an interface promote the
+# secondary address if available
+net.ipv4.conf.all.promote_secondaries=1
+
+# Ignore ICMP broadcasts sent to broadcast/multicast
+net.ipv4.icmp_echo_ignore_broadcasts=1
+
+# Ignore bogus ICMP errors
+net.ipv4.icmp_ignore_bogus_error_responses=1
+
+# Send ICMP responses with primary address of exiting interface
+net.ipv4.icmp_errors_use_inbound_ifaddr=1
|
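Review bot: The new file does not carry over the rmem_max setting that the removed proc_flags() applied with `echo 1048576 > /proc/sys/net/core/rmem_max` "to accomodate netlink buffers"; unless dropping it is intentional, add `net.core.rmem_max=1048576` with its comment so the receive-buffer ceiling does not silently fall back to the kernel default. The comment on the last entry also looks inverted: per the kernel's ip-sysctl documentation, `icmp_errors_use_inbound_ifaddr=1` sources ICMP errors from the primary address of the interface that received the offending packet, and the exiting interface is the behaviour at 0. Suggested wording: `# Send ICMP errors from the primary address of the receiving interface`.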