mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
sysctl: set ipv4 settings in a race-free way
Fixes #6282. This solution is a bit busy, but we close the race without setting *.all.*, so it is still possible to set a different setting for particular interfaces. Setting just "default" is not very useful because any interfaces present before systemd-sysctl is invoked are not affected. Setting "all" is too harsh, because the kernel takes the stronger of the device-specific setting and the "all" value, so effectively having a weaker setting for specific interfaces is not possible.
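The commit message's point about "all" overriding per-interface values, as an added example that is not part of this commit or of systemd. It assumes the kernel uses the maximum of the `all` and per-interface `rp_filter` values, as the kernel's ip-sysctl documentation states; the sample tree and the interface names `eth0` and `wg0` are constructed.

```shell
#!/bin/sh
# Added example: which interfaces have their own rp_filter overridden by "all"?
# Functions take the conf directory as an argument, so they can be run
# against a copy instead of the live tree.

# Print the value the kernel applies to IFACE: max(all, IFACE).
effective_rp_filter() {
    root=$1 iface=$2
    all=$(cat "$root/all/rp_filter")
    own=$(cat "$root/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print "iface own=N effective=M" for every interface whose own value is
# overridden by "all"; return 1 if there is at least one.
overridden_by_all() {
    root=$1 rc=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        own=$(cat "$dir/rp_filter")
        eff=$(effective_rp_filter "$root" "$iface")
        if [ "$eff" != "$own" ]; then
            echo "$iface own=$own effective=$eff"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree (made-up interfaces), so the demo runs offline.
demo() {
    t=$(mktemp -d)
    for i in all default eth0 wg0; do mkdir "$t/$i"; done
    echo 0 > "$t/all/rp_filter"; echo 2 > "$t/default/rp_filter"
    echo 2 > "$t/eth0/rp_filter"
    echo 0 > "$t/wg0/rp_filter"      # administrator's weaker per-interface value
    echo "all left at 0:"; overridden_by_all "$t" || true
    echo 2 > "$t/all/rp_filter"      # what setting *.all.* would do
    echo "all set to 2:";  overridden_by_all "$t" || true
    rm -rf "$t"
}
demo
```

On a live system the same check is `overridden_by_all /proc/sys/net/ipv4/conf`.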
parent e0f424790d
commit 5d4fc0e665
@ -23,12 +23,18 @@ kernel.core_uses_pid = 1
# Source route verification
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.*.rp_filter = 2
-net.ipv4.conf.all.rp_filter
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.*.accept_source_route = 0
-net.ipv4.conf.all.accept_source_route
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.*.promote_secondaries = 1
-net.ipv4.conf.all.promote_secondaries
# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
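Review bot: the three `-net.ipv4.conf.all.*` lines (rp_filter, accept_source_route, promote_secondaries) have no comment, and a bare key with a leading `-` and no value is not self-explanatory to someone reading this file. The reasoning exists only in the commit message: `default` covers interfaces created later, the `*` glob covers those already present, and `all` is left out because the kernel combines it with the per-interface value. A short comment above "# Source route verification" saying so would keep the exclusion lines from being removed as clutter later. It would also help to state whether the explicit `default` line is kept on purpose, since the `*` glob looks like it would match `default` as well.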