# /etc/sysctl.conf
#
# For more information on how this file works, please see
# the manpages sysctl(8) and sysctl.conf(5).
#
# In order for this file to work properly, you must first
# enable 'Sysctl support' in the kernel.
#
# Look in /proc/sys/ for all the things you can setup.
#
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Disables IP dynaddr
#net.ipv4.ip_dynaddr = 0
# Disable ECN
#net.ipv4.tcp_ecn = 0
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
net.ipv4.conf.all.rp_filter = 1
# Enable SYN cookies (yum!)
# http://cr.yp.to/syncookies.html
net.ipv4.tcp_syncookies = 1
# Disable source route
net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.default.accept_source_route = 0
# Disable redirects
net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
# Disable secure redirects
net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
# Ignore ICMP broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Ignore all ICMP echo requests
net.ipv4.icmp_echo_ignore_all = 1
# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Disables the magic-sysrq key
#kernel.sysrq = 0
# When the kernel panics, automatically reboot in 3 seconds
#kernel.panic = 3
# Allow for more PIDs (cool factor!); may break some programs
#kernel.pid_max = 999999
# You should compile nfsd into the kernel or add it
# to modules.autoload for this to work properly
# TCP Port for lock manager
#fs.nfs.nlm_tcpport = 0
# UDP Port for lock manager
#fs.nfs.nlm_udpport = 0
# Log packets with impossible source addresses (martians)
net.ipv4.conf.all.log_martians = 1

Rufus & Azrael wrote:
> Hi Al and David,
>
>
> After building the fresh 2.6.27-rc4-git5 kernel with your patch in
> commit 2f4520d35d89ca6c5cd129c38e3b11f0283b7d1b, I have this error on
> boot :
>
>> Cannot open "/proc/sys/net/ipv4/route/flush"
> but networking works fine.
>
> Do I modify something in my sysctl.conf file ? (see attached).
>
> Thanks for your explanations,
>
> Regards.
>
>
>

Ok, perhaps it is a regression of your previous patches in commits
eeb61f719c00c626115852bbc91189dc3011a844 and
6f9f489a4eeaa3c8a8618e078a5270d2c4872b67
(net: missing bits of net-namespace / sysctl)

Regards.

On Tue, Aug 26, 2008 at 07:14:50PM +0200, Rufus & Azrael wrote:
> Rufus & Azrael wrote:
>> Hi Al and David,
>>
>>
>> After building the fresh 2.6.27-rc4-git5 kernel with your patch in commit
>> 2f4520d35d89ca6c5cd129c38e3b11f0283b7d1b, I have this error on boot :
>>
>>> Cannot open "/proc/sys/net/ipv4/route/flush"
>> but networking works fine.
>>
>> Do I modify something in my sysctl.conf file ? (see attached).
>>
>> Thanks for your explanations,
>>
>> Regards.
>>
>>
>>
> Ok, perhaps it is a regression of your previous patches in commits
> eeb61f719c00c626115852bbc91189dc3011a844 and
> 6f9f489a4eeaa3c8a8618e078a5270d2c4872b67
> (net: missing bits of net-namespace / sysctl)

I'm just about to fall down at the moment, will look into that once I get
some sleep. In the meanwhile, .config might be useful...

On Tue, Aug 26, 2008 at 08:05:15PM +0100, Al Viro wrote:
> I'm just about to fall down at the moment, will look into that once I get
> some sleep. In the meanwhile, .config might be useful...

See Subject: [PATCH] ipv4: mode 0555 in ipv4_skeleton. That's practically
certain to be the fix for the same bug.

Now, where was that brown paperbag...

Al Viro wrote:
> On Tue, Aug 26, 2008 at 08:05:15PM +0100, Al Viro wrote:
>
>
>> I'm just about to fall down at the moment, will look into that once I get
>> some sleep. In the meanwhile, .config might be useful...
>>
>
> See Subject: [PATCH] ipv4: mode 0555 in ipv4_skeleton. That's practically
> certain to be the fix for the same bug.
>
> Now, where was that brown paperbag...
>
>

Thanks Al,

Hugh's patch in post http://lkml.org/lkml/2008/8/26/236 works fine and
the route warning disappears.

Good night :-).

Regards.
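
Added example (not part of the thread or the kernel tree): a read-only check that every active entry in a sysctl.conf such as the one attached above is reflected under /proc/sys, reporting nodes that cannot be opened, the failure mode reported in this thread. The function names and the optional ROOT argument are assumptions for illustration; keys with dots inside an interface name are not handled.

```shell
#!/bin/sh
# Added example: compare active sysctl.conf entries with the live kernel
# values. ROOT defaults to /proc/sys and exists only to allow offline tests.

# Collapse runs of whitespace and trim both ends (the kernel separates
# multi-value entries with tabs, sysctl.conf usually with spaces).
norm() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# check_sysctl_conf CONF [ROOT]
# Prints one line per entry that cannot be opened or differs from CONF.
# Returns 0 when every active entry is applied, 1 otherwise.
check_sysctl_conf() {
    conf=$1
    root=${2:-/proc/sys}
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank or commented-out entry
            *=*) ;;                     # key = value
            *) continue ;;              # not an assignment
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # net.ipv4.ip_forward -> $root/net/ipv4/ip_forward
        path=$root/$(printf '%s' "$key" | tr . /)
        if ! have=$(cat "$path" 2>/dev/null); then
            echo "CANNOT-OPEN $path"
            status=1
        elif [ "$(norm "$have")" != "$want" ]; then
            echo "MISMATCH $key: file=$want kernel=$(norm "$have")"
            status=1
        fi
    done < "$conf"
    return "$status"
}

# Stand-alone use: sh check_sysctl.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    check_sysctl_conf "$@"
fi
```

Run after boot, a non-zero exit means at least one hardening setting from the file is not in effect on the running kernel.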