-rwxr-xr-x | scripts/rl-system.init | 24 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 10 |
2 files changed, 7 insertions, 27 deletions
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index a42f115b..043b1ede 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -118,29 +118,6 @@ create_ssh_host_keys () {
 fi;
 }
-set_ipv6_params ()
-{
- rm -f /var/run/vyatta/ipv6_no_fwd.*
-
- # difficult to set new default values for IPV6 earlier
- if [ ! -d /proc/sys/net/ipv6 ]; then
- # Skip it if IPv6 is not loaded
- return
- fi
-
- # Increase route table limit
- echo 262144 >/proc/sys/net/ipv6/route/max_size
-
- # These values all should be disabled
- for p in accept_source_route accept_redirects
- do
- for d in /proc/sys/net/ipv6/conf/*
- do
- echo 0 > $d/$p
- done
- done
-}
-
 # These are all the default security setting which are later
 # overridden when configuration is read. These are the values the
 # system defaults.
@@ -177,7 +154,6 @@ start () {
 add_new_serial_if || \
 log_failure_msg "can\'t add serial interfaces"
- set_ipv6_params
 security_reset
 update_version_info
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 01ae92f8..e336ddbb 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -54,16 +54,17 @@ net.ipv4.conf.default.rp_filter=0
 # Enable tcp syn-cookies by default
 net.ipv4.tcp_syncookies=1
-# Disable accept_redirects for all
-net.ipv4.conf.all.accept_redirects=0
-
 # Disable accept_redirects by default for any interface
 net.ipv4.conf.all.accept_redirects=0
 net.ipv4.conf.default.accept_redirects=0
+net.ipv6.conf.all.accept_redirects=0
+net.ipv6.conf.default.accept_redirects=0
 # Disable accept_source_route by default
 net.ipv4.conf.all.accept_source_route=0
 net.ipv4.conf.default.accept_source_route=0
+net.ipv6.conf.all.accept_source_route=0
+net.ipv6.conf.default.accept_source_route=0
 # Enable send_redirects by default
 net.ipv4.conf.all.send_redirects=1
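Review bot: The added `net.ipv6.conf.all.*` and `net.ipv6.conf.default.*` lines are not an exact replacement for the loop removed from scripts/rl-system.init, which wrote 0 into every directory under /proc/sys/net/ipv6/conf/*. The `default` value only seeds interfaces created after this file is applied, and for IPv6 the `all` value is, as far as I know, not copied to existing interfaces for these keys; it is consulted for accept_source_route but probably not for accept_redirects, depending on the kernel version. An interface that already exists when sysctl runs could therefore keep accept_redirects=1, although the `net.ipv6.conf.all.forwarding=1` set later in this file should make a forwarding interface ignore redirects anyway. I would check the per-interface values on a booted image and record the assumption next to the new lines, for example `# IPv6: 'default' only applies to interfaces created after this file is loaded`.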
@@ -74,6 +75,9 @@ net.core.rmem_max=2097152
 # Enable packet forwarding for IPv6
 net.ipv6.conf.all.forwarding=1
+# Increase route table limit
+net.ipv6.route.max_size = 262144
+
 # Do not forget IPv6 addresses when a link goes down
 net.ipv6.conf.default.keep_addr_on_down=1
 net.ipv6.conf.all.keep_addr_on_down=1 |
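Review bot: The new `net.ipv6.route.max_size = 262144` line puts spaces around `=`, while every other visible entry in this file uses the `key=value` form; sysctl accepts both, but `net.ipv6.route.max_size=262144` would keep the file uniform and easier to grep. The comment could also say why this limit was chosen, e.g. `# Increase IPv6 route table limit (kernel default is too small for full routing tables)`, if that is in fact the reason.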