[PATCH v3 1/5] bsp/default: move network sysctl's to fff-network

Tim Niemeyer tim at tn-x.org
Sa Mär 3 21:36:13 CET 2018


Hi

Und applied.

Tim

Am Samstag, den 03.03.2018, 21:32 +0100 schrieb Tim Niemeyer:
> Signed-off-by: Tim Niemeyer <tim at tn-x.org>
> Reviewed-by: Robert Langhammer <rlanghammer at web.de>
> Reviewed-by: Christian Dresel <fff at chrisi01.de>
> Tested-by: Christian Dresel <fff at chrisi01.de>
> ---
> 
> Changes in v3: None
> Changes in v2: None
> 
>  bsp/default/root_file_system/etc/sysctl.conf       | 70 ------------
> ----------
>  .../files/etc/sysctl.d/50-fff-network.conf         | 70
> ++++++++++++++++++++++
>  2 files changed, 70 insertions(+), 70 deletions(-)
>  create mode 100644 src/packages/fff/fff-
> network/files/etc/sysctl.d/50-fff-network.conf
> 
> diff --git a/bsp/default/root_file_system/etc/sysctl.conf
> b/bsp/default/root_file_system/etc/sysctl.conf
> index f6d85a7..34ce708 100644
> --- a/bsp/default/root_file_system/etc/sysctl.conf
> +++ b/bsp/default/root_file_system/etc/sysctl.conf
> @@ -1,71 +1 @@
>  kernel.panic=3
> -net.ipv4.conf.default.arp_ignore=1
> -net.ipv4.conf.all.arp_ignore=1
> -net.ipv4.conf.all.forwarding=0
> -net.ipv4.conf.all.send_redirects=0
> -net.ipv4.tcp_ecn=0
> -net.ipv4.tcp_fin_timeout=30
> -net.ipv4.tcp_keepalive_time=120
> -net.ipv4.tcp_syncookies=1
> -net.ipv4.tcp_timestamps=0
> -net.ipv4.netfilter.ip_conntrack_checksum=0
> -net.ipv4.netfilter.ip_conntrack_max=16384
> -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
> -net.ipv4.netfilter.ip_conntrack_udp_timeout=60
> -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
> -net.core.netdev_max_backlog=30
> -net.netfilter.nf_conntrack_checksum=0
> -
> -#Controls source route verification
> -net.ipv4.conf.default.rp_filter=1
> -
> -#Do not accept source routing
> -net.ipv4.conf.all.accept_source_route=0
> -net.ipv4.conf.all.accept_redirects=0
> -net.ipv4.conf.default.accept_source_route=0
> -net.ipv4.conf.default.accept_redirects=0
> -net.ipv4.icmp_echo_ignore_broadcasts=1
> -net.ipv4.icmp_ignore_bogus_error_responses=1
> -net.ipv4.ip_forward=0
> -# net.ipv6.conf.all.forwarding=1
> -
> -# disable bridge firewalling by default
> -net.bridge.bridge-nf-call-arptables=0
> -net.bridge.bridge-nf-call-ip6tables=0
> -net.bridge.bridge-nf-call-iptables=0
> -
> -net.ipv6.conf.default.accept_dad=0
> -net.ipv6.conf.default.accept_ra=0
> -net.ipv6.conf.default.accept_redirects=0
> -net.ipv6.conf.all.accept_dad=0
> -net.ipv6.conf.all.accept_ra=1
> -net.ipv6.conf.all.accept_redirects=0
> -
> -# Number of Router Solicitations to send until assuming no routers
> are present.
> -# This is host and not router
> -net.ipv6.conf.default.router_solicitations = 0
> -net.ipv6.conf.all.router_solicitations = 0
>> -# Accept Router Preference in RA?
> -net.ipv6.conf.default.accept_ra_rtr_pref = 0
> -net.ipv6.conf.all.accept_ra_rtr_pref = 1
>> -# Learn Prefix Information in Router Advertisement
> -net.ipv6.conf.default.accept_ra_pinfo = 0
> -net.ipv6.conf.all.accept_ra_pinfo = 1
>> -# Setting controls whether the system will accept Hop Limit settings
> from a router advertisement
> -net.ipv6.conf.default.accept_ra_defrtr = 0
> -net.ipv6.conf.all.accept_ra_defrtr = 1
> -
> -#router advertisements can cause the system to assign a global
> unicast address to an interface
> -net.ipv6.conf.default.autoconf = 0
> -net.ipv6.conf.all.autoconf = 1
> -
> -#how many neighbor solicitations to send out per address?
> -net.ipv6.conf.default.dad_transmits = 3
> -net.ipv6.conf.all.dad_transmits = 3
> -
> -# How many global unicast IPv6 addresses can be assigned to each
> interface?
> -net.ipv6.conf.default.max_addresses = 0
> -net.ipv6.conf.all.max_addresses = 0
> \ No newline at end of file
> diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-
> network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-
> fff-network.conf
> new file mode 100644
> index 0000000..5c61a73
> --- /dev/null
> +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-
> network.conf
> @@ -0,0 +1,70 @@
> +net.ipv4.conf.default.arp_ignore=1
> +net.ipv4.conf.all.arp_ignore=1
> +net.ipv4.conf.all.forwarding=0
> +net.ipv4.conf.all.send_redirects=0
> +net.ipv4.tcp_ecn=0
> +net.ipv4.tcp_fin_timeout=30
> +net.ipv4.tcp_keepalive_time=120
> +net.ipv4.tcp_syncookies=1
> +net.ipv4.tcp_timestamps=0
> +net.ipv4.netfilter.ip_conntrack_checksum=0
> +net.ipv4.netfilter.ip_conntrack_max=16384
> +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
> +net.ipv4.netfilter.ip_conntrack_udp_timeout=60
> +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
> +net.core.netdev_max_backlog=30
> +net.netfilter.nf_conntrack_checksum=0
> +
> +#Controls source route verification
> +net.ipv4.conf.default.rp_filter=1
> +
> +#Do not accept source routing
> +net.ipv4.conf.all.accept_source_route=0
> +net.ipv4.conf.all.accept_redirects=0
> +net.ipv4.conf.default.accept_source_route=0
> +net.ipv4.conf.default.accept_redirects=0
> +net.ipv4.icmp_echo_ignore_broadcasts=1
> +net.ipv4.icmp_ignore_bogus_error_responses=1
> +net.ipv4.ip_forward=0
> +# net.ipv6.conf.all.forwarding=1
> +
> +# disable bridge firewalling by default
> +net.bridge.bridge-nf-call-arptables=0
> +net.bridge.bridge-nf-call-ip6tables=0
> +net.bridge.bridge-nf-call-iptables=0
> +
> +net.ipv6.conf.default.accept_dad=0
> +net.ipv6.conf.default.accept_ra=0
> +net.ipv6.conf.default.accept_redirects=0
> +net.ipv6.conf.all.accept_dad=0
> +net.ipv6.conf.all.accept_ra=1
> +net.ipv6.conf.all.accept_redirects=0
> +
> +# Number of Router Solicitations to send until assuming no routers
> are present.
> +# This is host and not router
> +net.ipv6.conf.default.router_solicitations = 0
> +net.ipv6.conf.all.router_solicitations = 0
>> +# Accept Router Preference in RA?
> +net.ipv6.conf.default.accept_ra_rtr_pref = 0
> +net.ipv6.conf.all.accept_ra_rtr_pref = 1
>> +# Learn Prefix Information in Router Advertisement
> +net.ipv6.conf.default.accept_ra_pinfo = 0
> +net.ipv6.conf.all.accept_ra_pinfo = 1
>> +# Setting controls whether the system will accept Hop Limit settings
> from a router advertisement
> +net.ipv6.conf.default.accept_ra_defrtr = 0
> +net.ipv6.conf.all.accept_ra_defrtr = 1
> +
> +#router advertisements can cause the system to assign a global
> unicast address to an interface
> +net.ipv6.conf.default.autoconf = 0
> +net.ipv6.conf.all.autoconf = 1
> +
> +#how many neighbor solicitations to send out per address?
> +net.ipv6.conf.default.dad_transmits = 3
> +net.ipv6.conf.all.dad_transmits = 3
> +
> +# How many global unicast IPv6 addresses can be assigned to each
> interface?
> +net.ipv6.conf.default.max_addresses = 0
> +net.ipv6.conf.all.max_addresses = 0
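Review bot: `net.ipv4.conf.default.rp_filter=1` (under "#Controls source route verification") only seeds interfaces created after this file is applied, and the new file never sets `net.ipv4.conf.all.rp_filter`, so an interface that already exists at that point keeps whatever value it had. The kernel uses the higher of the `all` and per-interface values, so if reverse-path filtering is meant to hold on every interface, add `net.ipv4.conf.all.rp_filter=1` beside it; whether load order from sysctl.d differs from the old sysctl.conf is not visible here and should be checked on a booted image with `sysctl net.ipv4.conf`. Separately, the last two lines set `max_addresses = 0` for `default` and `all`, which removes the per-interface cap on autoconfigured IPv6 addresses; the kernel documentation advises against zero because unbounded address creation can exhaust kernel resources, so a finite value (the kernel default is 16) is safer wherever `accept_ra`/`autoconf` end up enabled. The comment above `accept_ra_defrtr` talks about Hop Limit, but that key controls whether a default router is learned from an RA; I would reword it to `# Learn default router from Router Advertisement`.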

