Add sysctl files to configure the kernel for network.

diff --git a/Makefile b/Makefile
index 63944b09004832e739c493720f262990f9ae3414..85a5caeba4b856026e04b9acf32657542fc21b23 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -11,11 +11,13 @@ install:
        -mkdir -pv $(DESTDIR)/etc/{network,ppp}
        -mkdir -pv $(DESTDIR)/lib/network
        -mkdir -pv $(DESTDIR)/sbin
+       -mkdir -pv $(DESTDIR)/usr/lib/sysctl.d
        -mkdir -pv $(DESTDIR)/var/log/network
 
        install -m 755 -v network $(DESTDIR)/sbin
 
        cp -rfv {hooks,header*,functions*} $(DESTDIR)/lib/network/
+       cp -fv  sysctl.d/* $(DESTDIR)/usr/lib/sysctl.d/
 
        install -m 755 -v ppp/ip-updown $(DESTDIR)/etc/ppp
        ln -svf ip-updown $(DESTDIR)/etc/ppp/ip-pre-up

diff --git a/sysctl.d/network-ipv4.conf b/sysctl.d/network-ipv4.conf
new file mode 100644 (file)
index 0000000..a6d6e5e
--- /dev/null
+++ b/sysctl.d/network-ipv4.conf
@@ -0,0 +1,14 @@
+# Kernel configuration file for IPv4
+#
+
+# Enable IPv4 packet forwarding
+net.ipv4.ip_forward = 1
+
+# Enable source route verification
+net.ipv4.conf.default.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
+# Enable ARP filter
+net.ipv4.conf.default.arp_filter = 1

diff --git a/sysctl.d/network.conf b/sysctl.d/network.conf
new file mode 100644 (file)
index 0000000..9ddfebf
--- /dev/null
+++ b/sysctl.d/network.conf
@@ -0,0 +1,7 @@
+# Kernel configuration file for the network
+#
+
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0