From 921c0bf78c0984c33797facfe1fe94ee28a7c0bd Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 4 Jun 2011 19:37:15 +0000
Subject: [PATCH] Add sysctl files to configure the kernel for network.
---
 Makefile | 2 ++
 sysctl.d/network-ipv4.conf | 14 ++++++++++++++
 sysctl.d/network.conf | 7 +++++++
 3 files changed, 23 insertions(+)
 create mode 100644 sysctl.d/network-ipv4.conf
 create mode 100644 sysctl.d/network.conf
diff --git a/Makefile b/Makefile
index 63944b09..85a5caeb 100644
--- a/Makefile
+++ b/Makefile
@@ -11,11 +11,13 @@ install:
 -mkdir -pv $(DESTDIR)/etc/{network,ppp}
 -mkdir -pv $(DESTDIR)/lib/network
 -mkdir -pv $(DESTDIR)/sbin
+ -mkdir -pv $(DESTDIR)/usr/lib/sysctl.d
 -mkdir -pv $(DESTDIR)/var/log/network
 install -m 755 -v network $(DESTDIR)/sbin
 cp -rfv {hooks,header*,functions*} $(DESTDIR)/lib/network/
+ cp -fv sysctl.d/* $(DESTDIR)/usr/lib/sysctl.d/
 install -m 755 -v ppp/ip-updown $(DESTDIR)/etc/ppp
 ln -svf ip-updown $(DESTDIR)/etc/ppp/ip-pre-up
diff --git a/sysctl.d/network-ipv4.conf b/sysctl.d/network-ipv4.conf
new file mode 100644
index 00000000..a6d6e5ec
--- /dev/null
+++ b/sysctl.d/network-ipv4.conf
@@ -0,0 +1,14 @@
+# Kernel configuration file for IPv4
+#
+
+# Enable IPv4 packet forwarding
+net.ipv4.ip_forward = 1
+
+# Enable source route verification
+net.ipv4.conf.default.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
+# Enable ARP filter
+net.ipv4.conf.default.arp_filter = 1
diff --git a/sysctl.d/network.conf b/sysctl.d/network.conf
new file mode 100644
index 00000000..9ddfebfb
--- /dev/null
+++ b/sysctl.d/network.conf
@@ -0,0 +1,7 @@
+# Kernel configuration file for the network
+#
+
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
--
2.47.2
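Review bot: The added `cp -fv sysctl.d/* $(DESTDIR)/usr/lib/sysctl.d/` leaves the mode of the installed files to the build user's umask and the working-tree permissions, unlike the explicit `install -m 755` lines around it. These files set kernel parameters when they are applied as root, so they should never end up group- or world-writable. `install -m 644 -v sysctl.d/*.conf $(DESTDIR)/usr/lib/sysctl.d/` pins the mode and copies only the `.conf` files. The `-` prefix on the added `mkdir` also hides a failure to create the directory. The `install:` target begins and continues outside this hunk.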
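Review bot: `rp_filter`, `accept_source_route` and `arp_filter` are set only under `net.ipv4.conf.default`, which seeds interfaces created after the file is applied; any interface that already exists at that point keeps its earlier value. Since the same file sets `net.ipv4.ip_forward = 1`, I would add the `all` counterparts, e.g. `net.ipv4.conf.all.rp_filter = 1` and `net.ipv4.conf.all.accept_source_route = 0`, so the anti-spoofing settings do not depend on boot ordering. The file also leaves ICMP redirect handling (`accept_redirects`, `send_redirects`) at the kernel defaults, which deserves a deliberate decision on a forwarding host.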
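Review bot: The comment `# Disable netfilter on bridges.` does not say what the three `net.bridge.bridge-nf-call-*` zeros cost: frames bridged between ports are no longer passed to the iptables, ip6tables or arptables rules, so only ebtables-level filtering applies to them. I would state that in the comment, e.g. `# Bridged frames bypass iptables/ip6tables/arptables; filter them with ebtables if needed.` These keys also exist only while the bridge code that provides them is loaded, so if this file is applied earlier in boot the values are presumably not set and the module defaults apply; confirm the load order.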