[PATCH v3 1/5] bsp/default: move network sysctl's to fff-network

Tim Niemeyer tim at tn-x.org
Sa Mär 3 21:32:30 CET 2018


Signed-off-by: Tim Niemeyer <tim at tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer at web.de>
Reviewed-by: Christian Dresel <fff at chrisi01.de>
Tested-by: Christian Dresel <fff at chrisi01.de>
---

Changes in v3: None
Changes in v2: None

 bsp/default/root_file_system/etc/sysctl.conf       | 70 ----------------------
 .../files/etc/sysctl.d/50-fff-network.conf         | 70 ++++++++++++++++++++++
 2 files changed, 70 insertions(+), 70 deletions(-)
 create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf

diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf
index f6d85a7..34ce708 100644
--- a/bsp/default/root_file_system/etc/sysctl.conf
+++ b/bsp/default/root_file_system/etc/sysctl.conf
@@ -1,71 +1 @@
 kernel.panic=3
-net.ipv4.conf.default.arp_ignore=1
-net.ipv4.conf.all.arp_ignore=1
-net.ipv4.conf.all.forwarding=0
-net.ipv4.conf.all.send_redirects=0
-net.ipv4.tcp_ecn=0
-net.ipv4.tcp_fin_timeout=30
-net.ipv4.tcp_keepalive_time=120
-net.ipv4.tcp_syncookies=1
-net.ipv4.tcp_timestamps=0
-net.ipv4.netfilter.ip_conntrack_checksum=0
-net.ipv4.netfilter.ip_conntrack_max=16384
-net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
-net.ipv4.netfilter.ip_conntrack_udp_timeout=60
-net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
-net.core.netdev_max_backlog=30
-net.netfilter.nf_conntrack_checksum=0
-
-#Controls source route verification
-net.ipv4.conf.default.rp_filter=1
-
-#Do not accept source routing
-net.ipv4.conf.all.accept_source_route=0
-net.ipv4.conf.all.accept_redirects=0
-net.ipv4.conf.default.accept_source_route=0
-net.ipv4.conf.default.accept_redirects=0
-net.ipv4.icmp_echo_ignore_broadcasts=1
-net.ipv4.icmp_ignore_bogus_error_responses=1
-net.ipv4.ip_forward=0
-# net.ipv6.conf.all.forwarding=1
-
-# disable bridge firewalling by default
-net.bridge.bridge-nf-call-arptables=0
-net.bridge.bridge-nf-call-ip6tables=0
-net.bridge.bridge-nf-call-iptables=0
-
-net.ipv6.conf.default.accept_dad=0
-net.ipv6.conf.default.accept_ra=0
-net.ipv6.conf.default.accept_redirects=0
-net.ipv6.conf.all.accept_dad=0
-net.ipv6.conf.all.accept_ra=1
-net.ipv6.conf.all.accept_redirects=0
-
-# Number of Router Solicitations to send until assuming no routers are present.
-# This is host and not router
-net.ipv6.conf.default.router_solicitations = 0
-net.ipv6.conf.all.router_solicitations = 0
- 
-# Accept Router Preference in RA?
-net.ipv6.conf.default.accept_ra_rtr_pref = 0
-net.ipv6.conf.all.accept_ra_rtr_pref = 1
- 
-# Learn Prefix Information in Router Advertisement
-net.ipv6.conf.default.accept_ra_pinfo = 0
-net.ipv6.conf.all.accept_ra_pinfo = 1
- 
-# Setting controls whether the system will accept Hop Limit settings from a router advertisement
-net.ipv6.conf.default.accept_ra_defrtr = 0
-net.ipv6.conf.all.accept_ra_defrtr = 1
-
-#router advertisements can cause the system to assign a global unicast address to an interface
-net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.all.autoconf = 1
-
-#how many neighbor solicitations to send out per address?
-net.ipv6.conf.default.dad_transmits = 3
-net.ipv6.conf.all.dad_transmits = 3
-
-# How many global unicast IPv6 addresses can be assigned to each interface?
-net.ipv6.conf.default.max_addresses = 0
-net.ipv6.conf.all.max_addresses = 0
\ No newline at end of file
diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
new file mode 100644
index 0000000..5c61a73
--- /dev/null
+++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
@@ -0,0 +1,70 @@
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.conf.all.forwarding=0
+net.ipv4.conf.all.send_redirects=0
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+
+#Controls source route verification
+net.ipv4.conf.default.rp_filter=1
+
+#Do not accept source routing
+net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.all.accept_redirects=0
+net.ipv4.conf.default.accept_source_route=0
+net.ipv4.conf.default.accept_redirects=0
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.ip_forward=0
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
+
+net.ipv6.conf.default.accept_dad=0
+net.ipv6.conf.default.accept_ra=0
+net.ipv6.conf.default.accept_redirects=0
+net.ipv6.conf.all.accept_dad=0
+net.ipv6.conf.all.accept_ra=1
+net.ipv6.conf.all.accept_redirects=0
+
+# Number of Router Solicitations to send until assuming no routers are present.
+# This is host and not router
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.all.router_solicitations = 0
+ 
+# Accept Router Preference in RA?
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.all.accept_ra_rtr_pref = 1
+ 
+# Learn Prefix Information in Router Advertisement
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.all.accept_ra_pinfo = 1
+ 
+# Setting controls whether the system will accept Hop Limit settings from a router advertisement
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.all.accept_ra_defrtr = 1
+
+#router advertisements can cause the system to assign a global unicast address to an interface
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.all.autoconf = 1
+
+#how many neighbor solicitations to send out per address?
+net.ipv6.conf.default.dad_transmits = 3
+net.ipv6.conf.all.dad_transmits = 3
+
+# How many global unicast IPv6 addresses can be assigned to each interface?
+net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.all.max_addresses = 0
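Review bot: Reverse-path filtering is set only through `net.ipv4.conf.default.rp_filter=1`, and `default` seeds only interfaces created after the value is written, so interfaces that already exist when this sysctl.d file is applied keep their previous setting. If source validation is meant to hold on every interface, add `net.ipv4.conf.all.rp_filter=1` next to it, since the kernel uses the higher of the `all` and per-interface values. If it is left off on purpose (for example for asymmetric mesh routes), the comment above the key should say so. Separately, the comment above `accept_ra_defrtr` talks about Hop Limit, but that key controls whether a default router is learned from an RA; suggested wording: `# Learn default router from Router Advertisement`.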
-- 
2.11.0


