[PATCH v2 1/5] bsp/default: move network sysctl's to fff-network

Christian Dresel fff at chrisi01.de
Sa Mär 3 21:28:53 CET 2018 

vergessen... gitl natürlich auch für das ganze Set

On 03.03.2018 21:27, Christian Dresel wrote:
> Hi
> 
> ich häng mich dran, wenn das "w" das zuviel da war noch gefixt wird (wie
> bereits in deiner Mail erwähnt) dann ein:
> 
> Reviewed-by: Christian Dresel <fff at chrisi01.de>
> Tested-by: Christian Dresel <fff at chrisi01.de>
> getestet auf einen wr841v10 mit dem manuell entfernten "w".
> 
> mfg
> 
> Christian
> 
> On 03.03.2018 19:07, robert wrote:
>> Hi Tim,
>>
>> du hast ja alles eingebaut was ich vorgeschlagen hab :) drum sofort ein
>>
>> Reviewed-by: Robert Langhgammer <rlanghammer at web.de>
>>
>> von mir fuer das ganze Patchset.
>>
>> Am 03.03.2018 um 18:11 schrieb Tim Niemeyer:
>>> Signed-off-by: Tim Niemeyer <tim at tn-x.org>
>>> ---
>>>
>>> Changes in v2: None
>>>
>>>  bsp/default/root_file_system/etc/sysctl.conf       | 70 ----------------------
>>>  .../files/etc/sysctl.d/50-fff-network.conf         | 70 ++++++++++++++++++++++
>>>  2 files changed, 70 insertions(+), 70 deletions(-)
>>>  create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
>>>
>>> diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf
>>> index f6d85a7..34ce708 100644
>>> --- a/bsp/default/root_file_system/etc/sysctl.conf
>>> +++ b/bsp/default/root_file_system/etc/sysctl.conf
>>> @@ -1,71 +1 @@
>>>  kernel.panic=3
>>> -net.ipv4.conf.default.arp_ignore=1
>>> -net.ipv4.conf.all.arp_ignore=1
>>> -net.ipv4.conf.all.forwarding=0
>>> -net.ipv4.conf.all.send_redirects=0
>>> -net.ipv4.tcp_ecn=0
>>> -net.ipv4.tcp_fin_timeout=30
>>> -net.ipv4.tcp_keepalive_time=120
>>> -net.ipv4.tcp_syncookies=1
>>> -net.ipv4.tcp_timestamps=0
>>> -net.ipv4.netfilter.ip_conntrack_checksum=0
>>> -net.ipv4.netfilter.ip_conntrack_max=16384
>>> -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
>>> -net.ipv4.netfilter.ip_conntrack_udp_timeout=60
>>> -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
>>> -net.core.netdev_max_backlog=30
>>> -net.netfilter.nf_conntrack_checksum=0
>>> -
>>> -#Controls source route verification
>>> -net.ipv4.conf.default.rp_filter=1
>>> -
>>> -#Do not accept source routing
>>> -net.ipv4.conf.all.accept_source_route=0
>>> -net.ipv4.conf.all.accept_redirects=0
>>> -net.ipv4.conf.default.accept_source_route=0
>>> -net.ipv4.conf.default.accept_redirects=0
>>> -net.ipv4.icmp_echo_ignore_broadcasts=1
>>> -net.ipv4.icmp_ignore_bogus_error_responses=1
>>> -net.ipv4.ip_forward=0
>>> -# net.ipv6.conf.all.forwarding=1
>>> -
>>> -# disable bridge firewalling by default
>>> -net.bridge.bridge-nf-call-arptables=0
>>> -net.bridge.bridge-nf-call-ip6tables=0
>>> -net.bridge.bridge-nf-call-iptables=0
>>> -
>>> -net.ipv6.conf.default.accept_dad=0
>>> -net.ipv6.conf.default.accept_ra=0
>>> -net.ipv6.conf.default.accept_redirects=0
>>> -net.ipv6.conf.all.accept_dad=0
>>> -net.ipv6.conf.all.accept_ra=1
>>> -net.ipv6.conf.all.accept_redirects=0
>>> -
>>> -# Number of Router Solicitations to send until assuming no routers are present.
>>> -# This is host and not router
>>> -net.ipv6.conf.default.router_solicitations = 0
>>> -net.ipv6.conf.all.router_solicitations = 0
>>> - 
>>> -# Accept Router Preference in RA?
>>> -net.ipv6.conf.default.accept_ra_rtr_pref = 0
>>> -net.ipv6.conf.all.accept_ra_rtr_pref = 1
>>> - 
>>> -# Learn Prefix Information in Router Advertisement
>>> -net.ipv6.conf.default.accept_ra_pinfo = 0
>>> -net.ipv6.conf.all.accept_ra_pinfo = 1
>>> - 
>>> -# Setting controls whether the system will accept Hop Limit settings from a router advertisement
>>> -net.ipv6.conf.default.accept_ra_defrtr = 0
>>> -net.ipv6.conf.all.accept_ra_defrtr = 1
>>> -
>>> -#router advertisements can cause the system to assign a global unicast address to an interface
>>> -net.ipv6.conf.default.autoconf = 0
>>> -net.ipv6.conf.all.autoconf = 1
>>> -
>>> -#how many neighbor solicitations to send out per address?
>>> -net.ipv6.conf.default.dad_transmits = 3
>>> -net.ipv6.conf.all.dad_transmits = 3
>>> -
>>> -# How many global unicast IPv6 addresses can be assigned to each interface?
>>> -net.ipv6.conf.default.max_addresses = 0
>>> -net.ipv6.conf.all.max_addresses = 0
>>> \ No newline at end of file
>>> diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
>>> new file mode 100644
>>> index 0000000..5c61a73
>>> --- /dev/null
>>> +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
>>> @@ -0,0 +1,70 @@
>>> +net.ipv4.conf.default.arp_ignore=1
>>> +net.ipv4.conf.all.arp_ignore=1
>>> +net.ipv4.conf.all.forwarding=0
>>> +net.ipv4.conf.all.send_redirects=0
>>> +net.ipv4.tcp_ecn=0
>>> +net.ipv4.tcp_fin_timeout=30
>>> +net.ipv4.tcp_keepalive_time=120
>>> +net.ipv4.tcp_syncookies=1
>>> +net.ipv4.tcp_timestamps=0
>>> +net.ipv4.netfilter.ip_conntrack_checksum=0
>>> +net.ipv4.netfilter.ip_conntrack_max=16384
>>> +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
>>> +net.ipv4.netfilter.ip_conntrack_udp_timeout=60
>>> +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
>>> +net.core.netdev_max_backlog=30
>>> +net.netfilter.nf_conntrack_checksum=0
>>> +
>>> +#Controls source route verification
>>> +net.ipv4.conf.default.rp_filter=1
>>> +
>>> +#Do not accept source routing
>>> +net.ipv4.conf.all.accept_source_route=0
>>> +net.ipv4.conf.all.accept_redirects=0
>>> +net.ipv4.conf.default.accept_source_route=0
>>> +net.ipv4.conf.default.accept_redirects=0
>>> +net.ipv4.icmp_echo_ignore_broadcasts=1
>>> +net.ipv4.icmp_ignore_bogus_error_responses=1
>>> +net.ipv4.ip_forward=0
>>> +# net.ipv6.conf.all.forwarding=1
>>> +
>>> +# disable bridge firewalling by default
>>> +net.bridge.bridge-nf-call-arptables=0
>>> +net.bridge.bridge-nf-call-ip6tables=0
>>> +net.bridge.bridge-nf-call-iptables=0
>>> +
>>> +net.ipv6.conf.default.accept_dad=0
>>> +net.ipv6.conf.default.accept_ra=0
>>> +net.ipv6.conf.default.accept_redirects=0
>>> +net.ipv6.conf.all.accept_dad=0
>>> +net.ipv6.conf.all.accept_ra=1
>>> +net.ipv6.conf.all.accept_redirects=0
>>> +
>>> +# Number of Router Solicitations to send until assuming no routers are present.
>>> +# This is host and not router
>>> +net.ipv6.conf.default.router_solicitations = 0
>>> +net.ipv6.conf.all.router_solicitations = 0
>>> + 
>>> +# Accept Router Preference in RA?
>>> +net.ipv6.conf.default.accept_ra_rtr_pref = 0
>>> +net.ipv6.conf.all.accept_ra_rtr_pref = 1
>>> + 
>>> +# Learn Prefix Information in Router Advertisement
>>> +net.ipv6.conf.default.accept_ra_pinfo = 0
>>> +net.ipv6.conf.all.accept_ra_pinfo = 1
>>> + 
>>> +# Setting controls whether the system will accept Hop Limit settings from a router advertisement
>>> +net.ipv6.conf.default.accept_ra_defrtr = 0
>>> +net.ipv6.conf.all.accept_ra_defrtr = 1
>>> +
>>> +#router advertisements can cause the system to assign a global unicast address to an interface
>>> +net.ipv6.conf.default.autoconf = 0
>>> +net.ipv6.conf.all.autoconf = 1
>>> +
>>> +#how many neighbor solicitations to send out per address?
>>> +net.ipv6.conf.default.dad_transmits = 3
>>> +net.ipv6.conf.all.dad_transmits = 3
>>> +
>>> +# How many global unicast IPv6 addresses can be assigned to each interface?
>>> +net.ipv6.conf.default.max_addresses = 0
>>> +net.ipv6.conf.all.max_addresses = 0
>>
> 
> 
> 

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 833 bytes
Beschreibung: OpenPGP digital signature
URL         : <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20180303/cc90f134/attachment.sig>

Mehr Informationen über die Mailingliste franken-dev