mirror of
https://github.com/systemd/systemd.git
synced 2024-11-01 09:21:26 +03:00
230450d4e4
This switches the RFC3704 Reverse Path filtering from Strict mode to Loose mode. The Strict mode breaks some pretty common and reasonable use cases, such as keeping connections via one default route alive after another one appears (e.g. plugging an Ethernet cable when connected via Wi-Fi). The strict filter also makes it impossible for NetworkManager to do a connectivity check on a newly arriving default route (it starts with a higher metric and is bumped lower if there's connectivity). The kernel's default is 0 (no filter), but a Loose filter is good enough. The few use cases where a Strict mode could make sense can easily override this. The distributions that don't care about the client use cases and prefer a strict filter could just ship a custom configuration in /usr/lib/sysctl.d/ to override this.
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See sysctl.d(5) and core(5) for documentation.
# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.
# System Request functionality of the kernel (SYNC)
#
# Use kernel.sysrq = 1 to allow all keys.
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
# of values and keys.
# Bitmask value 16 (0x10) permits only the SysRq sync command from the
# keyboard; the other SysRq functions stay disabled.
# NOTE: this value limits keyboard invocation only. Per the kernel SysRq
# documentation, root can still trigger any function via /proc/sysrq-trigger.
kernel.sysrq = 16
# Append the PID to the core filename
# With a nonzero value, a core file is named core.PID instead of plain "core"
# when kernel.core_pattern has no %p specifier (see core(5)), so dumps from
# different processes do not overwrite each other.
kernel.core_uses_pid = 1
# Reverse path filtering (source address validation, RFC 3704)
# 2 = Loose mode (RFC 3704): a packet is accepted when its source address is
# reachable through any interface, not only the one it arrived on. This is a
# weaker anti-spoofing check than Strict mode (1); 0 disables the check.
# The kernel applies the higher of conf.all and the per-interface value, so
# an interface explicitly set to 1 is still filtered strictly.
# Hosts that need Strict mode should override this in a later sysctl.d file.
net.ipv4.conf.all.rp_filter = 2
# Do not accept source routing
# 0 = drop IPv4 packets that carry source-routing (SSR/LSR) options.
# For IPv4 both conf.all and the per-interface value must be enabled for such
# packets to be accepted, so 0 here disables them on every interface.
# Only the IPv4 key is set in this file; IPv6 has its own
# net.ipv6.conf.*.accept_source_route setting.
net.ipv4.conf.all.accept_source_route = 0
# Promote secondary addresses when the primary address is removed
# With 1, deleting an interface's primary address promotes one of its
# secondary addresses to primary instead of removing the secondaries too.
net.ipv4.conf.all.promote_secondaries = 1
# Fair Queue CoDel packet scheduler to fight bufferbloat
# Selects fq_codel as the default queueing discipline for network devices.
# NOTE(review): presumably this affects only qdiscs attached after the
# setting is applied, not devices that are already up. Confirm.
net.core.default_qdisc = fq_codel
# Enable hard and soft link protection
# 1 = an unprivileged user may create a hardlink only to a file they own or
# can already read and write. This closes off hardlink tricks that target
# privileged programs working in shared directories.
fs.protected_hardlinks = 1
# 1 = a symlink inside a sticky world-writable directory (e.g. /tmp) is
# followed only when the follower owns the link or the directory owner owns
# it. This blunts symlink race (time-of-check/time-of-use) attacks.
fs.protected_symlinks = 1