From: Michael Tremer
Date: Sat, 4 Jun 2011 19:37:15 +0000 (+0000)
Subject: Add sysctl files to configure the kernel for network.
X-Git-Tag: 001~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=921c0bf78c0984c33797facfe1fe94ee28a7c0bd;p=network.git
Add sysctl files to configure the kernel for network.
---
diff --git a/Makefile b/Makefile
index 63944b09..85a5caeb 100644
--- a/Makefile
+++ b/Makefile
@@ -11,11 +11,13 @@ install:
 -mkdir -pv $(DESTDIR)/etc/{network,ppp}
 -mkdir -pv $(DESTDIR)/lib/network
 -mkdir -pv $(DESTDIR)/sbin
+ -mkdir -pv $(DESTDIR)/usr/lib/sysctl.d
 -mkdir -pv $(DESTDIR)/var/log/network
 install -m 755 -v network $(DESTDIR)/sbin
 cp -rfv {hooks,header*,functions*} $(DESTDIR)/lib/network/
+ cp -fv sysctl.d/* $(DESTDIR)/usr/lib/sysctl.d/
 install -m 755 -v ppp/ip-updown $(DESTDIR)/etc/ppp
 ln -svf ip-updown $(DESTDIR)/etc/ppp/ip-pre-up
diff --git a/sysctl.d/network-ipv4.conf b/sysctl.d/network-ipv4.conf
new file mode 100644
index 00000000..a6d6e5ec
--- /dev/null
+++ b/sysctl.d/network-ipv4.conf
@@ -0,0 +1,14 @@
+# Kernel configuration file for IPv4
+#
+
+# Enable IPv4 packet forwarding
+net.ipv4.ip_forward = 1
+
+# Enable source route verification
+net.ipv4.conf.default.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
+# Enable ARP filter
+net.ipv4.conf.default.arp_filter = 1
diff --git a/sysctl.d/network.conf b/sysctl.d/network.conf
new file mode 100644
index 00000000..9ddfebfb
--- /dev/null
+++ b/sysctl.d/network.conf
@@ -0,0 +1,7 @@
+# Kernel configuration file for the network
+#
+
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
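Review bot: The added `cp -fv sysctl.d/* $(DESTDIR)/usr/lib/sysctl.d/` line in the Makefile's install recipe leaves the mode of the installed kernel-tuning files to the checkout and the caller's umask, and the bare `*` glob copies whatever else happens to sit in `sysctl.d/` (editor backups, patch rejects). These files decide forwarding and filtering behaviour at boot, so I would pin both the permissions and the file set, the way the recipe already does for `network`: `install -m 644 -v sysctl.d/*.conf $(DESTDIR)/usr/lib/sysctl.d/`. The new `-mkdir` line also ignores failure, so a target directory that could not be created only surfaces as a later copy error. The install recipe starts above this hunk and may continue below it.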
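Review bot: In sysctl.d/network-ipv4.conf, `rp_filter`, `accept_source_route` and `arp_filter` are set only under `net.ipv4.conf.default`, which seeds interfaces created after the file is applied; interfaces that already exist at that moment keep the kernel's values. Because the same file turns the host into a router with `net.ipv4.ip_forward = 1`, I would add the `all` entries as well, `net.ipv4.conf.all.rp_filter = 1` and `net.ipv4.conf.all.accept_source_route = 0`, so the anti-spoofing and source-routing settings hold no matter when an interface appears. Strict reverse-path filtering can drop legitimate traffic on multi-homed setups with asymmetric routes, so a comment stating that mode 1 is intended would help the next maintainer. ICMP redirect handling (`accept_redirects`, `send_redirects`) is not set here; whether that is deliberate is not visible from this commit.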
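Review bot: Setting the three `net.bridge.bridge-nf-call-*` keys to 0 in sysctl.d/network.conf means frames switched between bridge ports are never seen by iptables, ip6tables or arptables, and the comment `# Disable netfilter on bridges.` does not say so. I would expand it, for example `# Bridged frames bypass iptables/ip6tables/arptables; filter between bridge ports with ebtables if needed.`, so nobody assumes FORWARD rules cover traffic inside a bridged zone. These keys only exist while the bridge netfilter code is loaded; if the file is applied before that, the write fails and the kernel default stays in effect, so the load order is worth checking, since it is not visible in this commit.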