Commit e26bdd97 authored by David S. Miller's avatar David S. Miller

[ip-sysctl.txt]: Clarify conf/*/ behavior.

parent 4798a0d2
...@@ -351,15 +351,26 @@ igmp_max_memberships - INTEGER ...@@ -351,15 +351,26 @@ igmp_max_memberships - INTEGER
Change the maximum number of multicast groups we can subscribe to. Change the maximum number of multicast groups we can subscribe to.
Default: 20 Default: 20
conf/interface/*: conf/interface/* changes special settings per interface (where "interface" is
conf/all/* is special and changes the settings for all interfaces. the name of your network interface)
Change special settings per interface. conf/all/* is special, changes the settings for all interfaces
log_martians - BOOLEAN log_martians - BOOLEAN
Log packets with impossible addresses to kernel log. Log packets with impossible addresses to kernel log.
log_martians for the interface will be enabled if at least one of
conf/{all,interface}/log_martians is set to TRUE,
it will be disabled otherwise
accept_redirects - BOOLEAN accept_redirects - BOOLEAN
Accept ICMP redirect messages. Accept ICMP redirect messages.
accept_redirects for the interface will be enabled if:
- both conf/{all,interface}/accept_redirects are TRUE in the case forwarding
for the interface is enabled
or
- at least one of conf/{all,interface}/accept_redirects is TRUE in the case
forwarding for the interface is disabled
accept_redirects for the interface will be disabled otherwise
default TRUE (host) default TRUE (host)
FALSE (router) FALSE (router)
...@@ -369,6 +380,8 @@ forwarding - BOOLEAN ...@@ -369,6 +380,8 @@ forwarding - BOOLEAN
mc_forwarding - BOOLEAN mc_forwarding - BOOLEAN
Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
and a multicast routing daemon is required. and a multicast routing daemon is required.
conf/all/mc_forwarding must also be set to TRUE to enable multicast routing
for the interface
medium_id - INTEGER medium_id - INTEGER
Integer value used to differentiate the devices by the medium they Integer value used to differentiate the devices by the medium they
...@@ -383,30 +396,46 @@ medium_id - INTEGER ...@@ -383,30 +396,46 @@ medium_id - INTEGER
proxy_arp - BOOLEAN proxy_arp - BOOLEAN
Do proxy arp. Do proxy arp.
proxy_arp for the interface will be enabled if at least one of
conf/{all,interface}/proxy_arp is set to TRUE,
it will be disabled otherwise
shared_media - BOOLEAN shared_media - BOOLEAN
Send(router) or accept(host) RFC1620 shared media redirects. Send(router) or accept(host) RFC1620 shared media redirects.
Overrides ip_secure_redirects. Overrides ip_secure_redirects.
shared_media for the interface will be enabled if at least one of
conf/{all,interface}/shared_media is set to TRUE,
it will be disabled otherwise
default TRUE default TRUE
secure_redirects - BOOLEAN secure_redirects - BOOLEAN
Accept ICMP redirect messages only for gateways, Accept ICMP redirect messages only for gateways,
listed in default gateway list. listed in default gateway list.
secure_redirects for the interface will be enabled if at least one of
conf/{all,interface}/secure_redirects is set to TRUE,
it will be disabled otherwise
default TRUE default TRUE
send_redirects - BOOLEAN send_redirects - BOOLEAN
Send redirects, if router. Default: TRUE Send redirects, if router.
send_redirects for the interface will be enabled if at least one of
conf/{all,interface}/send_redirects is set to TRUE,
it will be disabled otherwise
Default: TRUE
bootp_relay - BOOLEAN bootp_relay - BOOLEAN
Accept packets with source address 0.b.c.d destined Accept packets with source address 0.b.c.d destined
not to this host as local ones. It is supposed, that not to this host as local ones. It is supposed, that
BOOTP relay daemon will catch and forward such packets. BOOTP relay daemon will catch and forward such packets.
conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
for the interface
default FALSE default FALSE
Not Implemented Yet. Not Implemented Yet.
accept_source_route - BOOLEAN accept_source_route - BOOLEAN
Accept packets with SRR option. Accept packets with SRR option.
conf/all/accept_source_route must also be set to TRUE to accept packets
with SRR option on the interface
default TRUE (router) default TRUE (router)
FALSE (host) FALSE (host)
...@@ -417,7 +446,10 @@ rp_filter - BOOLEAN ...@@ -417,7 +446,10 @@ rp_filter - BOOLEAN
networks running a slow unreliable protocol (sort of RIP), networks running a slow unreliable protocol (sort of RIP),
or using static routes. or using static routes.
0 - No source validation. 0 - No source validation.
conf/all/rp_filter must also be set to TRUE to do source validation
on the interface
Default value is 0. Note that some distributions enable it Default value is 0. Note that some distributions enable it
in startup scripts. in startup scripts.
...@@ -437,6 +469,10 @@ arp_filter - BOOLEAN ...@@ -437,6 +469,10 @@ arp_filter - BOOLEAN
particular interfaces. Only for more complex setups like load- particular interfaces. Only for more complex setups like load-
balancing, does this behaviour cause problems. balancing, does this behaviour cause problems.
arp_filter for the interface will be enabled if at least one of
conf/{all,interface}/arp_filter is set to TRUE,
it will be disabled otherwise
tag - INTEGER tag - INTEGER
Allows you to write a number, which can be used as required. Allows you to write a number, which can be used as required.
Default value is 0. Default value is 0.
...@@ -451,8 +487,8 @@ kuznet@ms2.inr.ac.ru ...@@ -451,8 +487,8 @@ kuznet@ms2.inr.ac.ru
Updated by: Updated by:
Andi Kleen Andi Kleen
ak@muc.de ak@muc.de
Nicolas Delon
delon.nicolas@wanadoo.fr
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment