[PATCH] sysctl.conf/configurenetwork: Harmonize "all" and "default"

Adrian Schmutzler freifunk at adrianschmutzler.de
Di Jan 30 12:57:00 CET 2018


This harmonizes settings for all and default and applies WAN-
specific settings only directly to the WAN interface by using
configurenetwork.

Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>

---

This patch requires the configurenetwork tidy-up patches beforehand.

It effectively reverts most of the changes in
https://github.com/FreifunkFranken/firmware/commit/118d7d8236d6e3dc67ae68fa41a29fe96de21ac1#diff-e442ca9025162ec51dcb665a6f9e0327

For more info, see
https://mantis.freifunk-franken.de/view.php?id=83

Note that this does NOT FIX the ULA IPv6 issue, but only prepares
the way there.
---
 bsp/default/root_file_system/etc/sysctl.conf       | 22 ++++++++++++----------
 .../fff-network/files/usr/sbin/configurenetwork    |  5 +++--
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf
index f6d85a7..d1da18d 100644
--- a/bsp/default/root_file_system/etc/sysctl.conf
+++ b/bsp/default/root_file_system/etc/sysctl.conf
@@ -1,5 +1,7 @@
 kernel.panic=3
 net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.default.forwarding=0
+net.ipv4.conf.default.send_redirects=0
 net.ipv4.conf.all.arp_ignore=1
 net.ipv4.conf.all.forwarding=0
 net.ipv4.conf.all.send_redirects=0
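Review bot: The added `net.ipv4.conf.default.*` lines only seed interfaces created after this file is loaded, and that is not stated anywhere in the file. For `send_redirects` the kernel ORs the `all` value with the per-interface value, so an interface that already exists with its own value at 1 would keep sending redirects even though `all` and `default` are 0. Whether any interface exists that early on this firmware is not visible here. A short comment such as `# default = template for interfaces created later; existing ones keep their own value` above the two new lines would make the intent checkable.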
@@ -18,6 +20,7 @@ net.netfilter.nf_conntrack_checksum=0
 
 #Controls source route verification
 net.ipv4.conf.default.rp_filter=1
+net.ipv4.conf.all.rp_filter=1
 
 #Do not accept source routing
 net.ipv4.conf.all.accept_source_route=0
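Review bot: `net.ipv4.conf.all.rp_filter=1` turns strict reverse-path filtering on for every interface, because the kernel applies the higher of the `all` and per-interface values, so no interface can opt down to loose mode (2) or off any more. On a mesh node with asymmetric paths strict mode can drop legitimate packets; whether that applies to the interfaces used here cannot be told from the hunk. The existing comment should say so, e.g. `# Strict source validation on every interface (kernel uses max of all/<iface>)`.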
@@ -27,7 +30,6 @@ net.ipv4.conf.default.accept_redirects=0
 net.ipv4.icmp_echo_ignore_broadcasts=1
 net.ipv4.icmp_ignore_bogus_error_responses=1
 net.ipv4.ip_forward=0
-# net.ipv6.conf.all.forwarding=1
 
 # disable bridge firewalling by default
 net.bridge.bridge-nf-call-arptables=0
@@ -38,29 +40,29 @@ net.ipv6.conf.default.accept_dad=0
 net.ipv6.conf.default.accept_ra=0
 net.ipv6.conf.default.accept_redirects=0
 net.ipv6.conf.all.accept_dad=0
-net.ipv6.conf.all.accept_ra=1
+net.ipv6.conf.all.accept_ra=0
 net.ipv6.conf.all.accept_redirects=0
 
 # Number of Router Solicitations to send until assuming no routers are present.
 # This is host and not router
 net.ipv6.conf.default.router_solicitations = 0
 net.ipv6.conf.all.router_solicitations = 0
- 
+
 # Accept Router Preference in RA?
 net.ipv6.conf.default.accept_ra_rtr_pref = 0
-net.ipv6.conf.all.accept_ra_rtr_pref = 1
- 
+net.ipv6.conf.all.accept_ra_rtr_pref = 0
+
 # Learn Prefix Information in Router Advertisement
 net.ipv6.conf.default.accept_ra_pinfo = 0
-net.ipv6.conf.all.accept_ra_pinfo = 1
- 
+net.ipv6.conf.all.accept_ra_pinfo = 0
+
 # Setting controls whether the system will accept Hop Limit settings from a router advertisement
 net.ipv6.conf.default.accept_ra_defrtr = 0
-net.ipv6.conf.all.accept_ra_defrtr = 1
+net.ipv6.conf.all.accept_ra_defrtr = 0
 
 #router advertisements can cause the system to assign a global unicast address to an interface
 net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.all.autoconf = 1
+net.ipv6.conf.all.autoconf = 0
 
 #how many neighbor solicitations to send out per address?
 net.ipv6.conf.default.dad_transmits = 3
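Review bot: The comment above `accept_ra_defrtr` describes Hop Limit handling, but that key controls whether a default router is learned from Router Advertisements. Since this change flips its `all` value, the comment is worth correcting to `# Learn default router from Router Advertisement`. With every `all` and `default` RA key now 0, RA processing on WAN depends only on the per-interface keys written by configurenetwork. How far `net.ipv6.conf.all.accept_ra*` overrides interfaces that already exist differs between kernel versions, so checking `sysctl net.ipv6.conf.<iface>.accept_ra` on a non-WAN interface after boot would confirm the intended state.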
@@ -68,4 +70,4 @@ net.ipv6.conf.all.dad_transmits = 3
 
 # How many global unicast IPv6 addresses can be assigned to each interface?
 net.ipv6.conf.default.max_addresses = 0
-net.ipv6.conf.all.max_addresses = 0
\ No newline at end of file
+net.ipv6.conf.all.max_addresses = 0
diff --git a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
index 16b3f8c..623eba9 100755
--- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
+++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
@@ -136,10 +136,11 @@ else
 	fi
 fi
 if [ -n "$wanon" ]; then
-	echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" > "$sysctlfile"
+	echo "net.ipv6.conf.$WANDEV.accept_ra=$wanon" > "$sysctlfile"
+	echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >> "$sysctlfile"
 	echo "net.ipv6.conf.$WANDEV.accept_ra_pinfo=$wanon" >> "$sysctlfile"
+	echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >> "$sysctlfile"
 	echo "net.ipv6.conf.$WANDEV.autoconf=$wanon" >> "$sysctlfile"
-	echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >> "$sysctlfile"
 	# Set values for current session, so no reboot is required
 	sysctl -p "$sysctlfile"
 fi
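Review bot: The exit status of `sysctl -p "$sysctlfile"` is not checked, and after this commit the generated file is the only place where Router Advertisements are enabled for WAN. An empty `$WANDEV` or an interface that does not exist yet produces keys that cannot be applied, and the script does not react to that failure. Suggest `sysctl -p "$sysctlfile" || echo "configurenetwork: could not apply $sysctlfile" >&2`. Also, the kernel ignores `accept_ra=1` while IPv6 forwarding is enabled on that interface (value 2 is needed then); whether forwarding is on for WAN is not visible in this hunk. The `if` block is complete here, but the script around it lies outside the hunk.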
-- 
2.7.4


