[PATCH v2 1/5] bsp/default: move network sysctl's to fff-network

Christian Dresel fff at chrisi01.de
Sa Mär 3 21:27:52 CET 2018


Hi

ich häng mich dran: wenn das "w", das zuviel da war, noch gefixt wird (wie
bereits in deiner Mail erwähnt), dann ein:

Reviewed-by: Christian Dresel <fff at chrisi01.de>
Tested-by: Christian Dresel <fff at chrisi01.de>
getestet auf einen wr841v10 mit dem manuell entfernten "w".

mfg

Christian

On 03.03.2018 19:07, robert wrote:
> Hi Tim,
> 
> du hast ja alles eingebaut was ich vorgeschlagen hab :) drum sofort ein
> 
> Reviewed-by: Robert Langhgammer <rlanghammer at web.de>
> 
> von mir fuer das ganze Patchset.
> 
> Am 03.03.2018 um 18:11 schrieb Tim Niemeyer:
>> Signed-off-by: Tim Niemeyer <tim at tn-x.org>
>> ---
>>
>> Changes in v2: None
>>
>>  bsp/default/root_file_system/etc/sysctl.conf       | 70 ----------------------
>>  .../files/etc/sysctl.d/50-fff-network.conf         | 70 ++++++++++++++++++++++
>>  2 files changed, 70 insertions(+), 70 deletions(-)
>>  create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
>>
>> diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf
>> index f6d85a7..34ce708 100644
>> --- a/bsp/default/root_file_system/etc/sysctl.conf
>> +++ b/bsp/default/root_file_system/etc/sysctl.conf
>> @@ -1,71 +1 @@
>>  kernel.panic=3
>> -net.ipv4.conf.default.arp_ignore=1
>> -net.ipv4.conf.all.arp_ignore=1
>> -net.ipv4.conf.all.forwarding=0
>> -net.ipv4.conf.all.send_redirects=0
>> -net.ipv4.tcp_ecn=0
>> -net.ipv4.tcp_fin_timeout=30
>> -net.ipv4.tcp_keepalive_time=120
>> -net.ipv4.tcp_syncookies=1
>> -net.ipv4.tcp_timestamps=0
>> -net.ipv4.netfilter.ip_conntrack_checksum=0
>> -net.ipv4.netfilter.ip_conntrack_max=16384
>> -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
>> -net.ipv4.netfilter.ip_conntrack_udp_timeout=60
>> -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
>> -net.core.netdev_max_backlog=30
>> -net.netfilter.nf_conntrack_checksum=0
>> -
>> -#Controls source route verification
>> -net.ipv4.conf.default.rp_filter=1
>> -
>> -#Do not accept source routing
>> -net.ipv4.conf.all.accept_source_route=0
>> -net.ipv4.conf.all.accept_redirects=0
>> -net.ipv4.conf.default.accept_source_route=0
>> -net.ipv4.conf.default.accept_redirects=0
>> -net.ipv4.icmp_echo_ignore_broadcasts=1
>> -net.ipv4.icmp_ignore_bogus_error_responses=1
>> -net.ipv4.ip_forward=0
>> -# net.ipv6.conf.all.forwarding=1
>> -
>> -# disable bridge firewalling by default
>> -net.bridge.bridge-nf-call-arptables=0
>> -net.bridge.bridge-nf-call-ip6tables=0
>> -net.bridge.bridge-nf-call-iptables=0
>> -
>> -net.ipv6.conf.default.accept_dad=0
>> -net.ipv6.conf.default.accept_ra=0
>> -net.ipv6.conf.default.accept_redirects=0
>> -net.ipv6.conf.all.accept_dad=0
>> -net.ipv6.conf.all.accept_ra=1
>> -net.ipv6.conf.all.accept_redirects=0
>> -
>> -# Number of Router Solicitations to send until assuming no routers are present.
>> -# This is host and not router
>> -net.ipv6.conf.default.router_solicitations = 0
>> -net.ipv6.conf.all.router_solicitations = 0
>> - 
>> -# Accept Router Preference in RA?
>> -net.ipv6.conf.default.accept_ra_rtr_pref = 0
>> -net.ipv6.conf.all.accept_ra_rtr_pref = 1
>> - 
>> -# Learn Prefix Information in Router Advertisement
>> -net.ipv6.conf.default.accept_ra_pinfo = 0
>> -net.ipv6.conf.all.accept_ra_pinfo = 1
>> - 
>> -# Setting controls whether the system will accept Hop Limit settings from a router advertisement
>> -net.ipv6.conf.default.accept_ra_defrtr = 0
>> -net.ipv6.conf.all.accept_ra_defrtr = 1
>> -
>> -#router advertisements can cause the system to assign a global unicast address to an interface
>> -net.ipv6.conf.default.autoconf = 0
>> -net.ipv6.conf.all.autoconf = 1
>> -
>> -#how many neighbor solicitations to send out per address?
>> -net.ipv6.conf.default.dad_transmits = 3
>> -net.ipv6.conf.all.dad_transmits = 3
>> -
>> -# How many global unicast IPv6 addresses can be assigned to each interface?
>> -net.ipv6.conf.default.max_addresses = 0
>> -net.ipv6.conf.all.max_addresses = 0
>> \ No newline at end of file
>> diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
>> new file mode 100644
>> index 0000000..5c61a73
>> --- /dev/null
>> +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
>> @@ -0,0 +1,70 @@
>> +net.ipv4.conf.default.arp_ignore=1
>> +net.ipv4.conf.all.arp_ignore=1
>> +net.ipv4.conf.all.forwarding=0
>> +net.ipv4.conf.all.send_redirects=0
>> +net.ipv4.tcp_ecn=0
>> +net.ipv4.tcp_fin_timeout=30
>> +net.ipv4.tcp_keepalive_time=120
>> +net.ipv4.tcp_syncookies=1
>> +net.ipv4.tcp_timestamps=0
>> +net.ipv4.netfilter.ip_conntrack_checksum=0
>> +net.ipv4.netfilter.ip_conntrack_max=16384
>> +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
>> +net.ipv4.netfilter.ip_conntrack_udp_timeout=60
>> +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
>> +net.core.netdev_max_backlog=30
>> +net.netfilter.nf_conntrack_checksum=0
>> +
>> +#Controls source route verification
>> +net.ipv4.conf.default.rp_filter=1
>> +
>> +#Do not accept source routing
>> +net.ipv4.conf.all.accept_source_route=0
>> +net.ipv4.conf.all.accept_redirects=0
>> +net.ipv4.conf.default.accept_source_route=0
>> +net.ipv4.conf.default.accept_redirects=0
>> +net.ipv4.icmp_echo_ignore_broadcasts=1
>> +net.ipv4.icmp_ignore_bogus_error_responses=1
>> +net.ipv4.ip_forward=0
>> +# net.ipv6.conf.all.forwarding=1
>> +
>> +# disable bridge firewalling by default
>> +net.bridge.bridge-nf-call-arptables=0
>> +net.bridge.bridge-nf-call-ip6tables=0
>> +net.bridge.bridge-nf-call-iptables=0
>> +
>> +net.ipv6.conf.default.accept_dad=0
>> +net.ipv6.conf.default.accept_ra=0
>> +net.ipv6.conf.default.accept_redirects=0
>> +net.ipv6.conf.all.accept_dad=0
>> +net.ipv6.conf.all.accept_ra=1
>> +net.ipv6.conf.all.accept_redirects=0
>> +
>> +# Number of Router Solicitations to send until assuming no routers are present.
>> +# This is host and not router
>> +net.ipv6.conf.default.router_solicitations = 0
>> +net.ipv6.conf.all.router_solicitations = 0
>> + 
>> +# Accept Router Preference in RA?
>> +net.ipv6.conf.default.accept_ra_rtr_pref = 0
>> +net.ipv6.conf.all.accept_ra_rtr_pref = 1
>> + 
>> +# Learn Prefix Information in Router Advertisement
>> +net.ipv6.conf.default.accept_ra_pinfo = 0
>> +net.ipv6.conf.all.accept_ra_pinfo = 1
>> + 
>> +# Setting controls whether the system will accept Hop Limit settings from a router advertisement
>> +net.ipv6.conf.default.accept_ra_defrtr = 0
>> +net.ipv6.conf.all.accept_ra_defrtr = 1
>> +
>> +#router advertisements can cause the system to assign a global unicast address to an interface
>> +net.ipv6.conf.default.autoconf = 0
>> +net.ipv6.conf.all.autoconf = 1
>> +
>> +#how many neighbor solicitations to send out per address?
>> +net.ipv6.conf.default.dad_transmits = 3
>> +net.ipv6.conf.all.dad_transmits = 3
>> +
>> +# How many global unicast IPv6 addresses can be assigned to each interface?
>> +net.ipv6.conf.default.max_addresses = 0
>> +net.ipv6.conf.all.max_addresses = 0
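Review bot: The last two lines of the new file, `net.ipv6.conf.default.max_addresses = 0` and `net.ipv6.conf.all.max_addresses = 0`, remove the per-interface cap on autoconfigured IPv6 addresses instead of forbidding them. The kernel's ip-sysctl documentation describes zero as "no limit" and advises against it, because a large number of addresses can exhaust kernel memory. With `accept_ra`, `accept_ra_pinfo` and `autoconf` set to 1 under `all` in the same file, the number of addresses may be driven by whoever can send router advertisements on the link, although how far the `all` values apply per interface depends on the kernel version. Since the settings are being moved into a package-owned file anyway, consider keeping the kernel default (`16`) or stating the intent, e.g. `# 0 = no limit (kernel default: 16), intended because ...`. Separately, the comment above `accept_ra_defrtr` mentions Hop Limit, but that key controls whether a default router is learned from RAs, so `# Learn default router from Router Advertisement` would match it.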
> 
