Message ID | 1517313420-2118-1-git-send-email-freifunk@adrianschmutzler.de |
---|---|
State | Not Applicable |
diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf index f6d85a7..d1da18d 100644 --- a/bsp/default/root_file_system/etc/sysctl.conf +++ b/bsp/default/root_file_system/etc/sysctl.conf @@ -1,5 +1,7 @@ kernel.panic=3 net.ipv4.conf.default.arp_ignore=1 +net.ipv4.conf.default.forwarding=0 +net.ipv4.conf.default.send_redirects=0 net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.forwarding=0 net.ipv4.conf.all.send_redirects=0 @@ -18,6 +20,7 @@ net.netfilter.nf_conntrack_checksum=0 #Controls source route verification net.ipv4.conf.default.rp_filter=1 +net.ipv4.conf.all.rp_filter=1 #Do not accept source routing net.ipv4.conf.all.accept_source_route=0 @@ -27,7 +30,6 @@ net.ipv4.conf.default.accept_redirects=0 net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.icmp_ignore_bogus_error_responses=1 net.ipv4.ip_forward=0 -# net.ipv6.conf.all.forwarding=1 # disable bridge firewalling by default net.bridge.bridge-nf-call-arptables=0 
@@ -38,29 +40,29 @@ net.ipv6.conf.default.accept_dad=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.default.accept_redirects=0 net.ipv6.conf.all.accept_dad=0 -net.ipv6.conf.all.accept_ra=1 +net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.all.accept_redirects=0 # Number of Router Solicitations to send until assuming no routers are present. # This is host and not router net.ipv6.conf.default.router_solicitations = 0 net.ipv6.conf.all.router_solicitations = 0 - + # Accept Router Preference in RA? net.ipv6.conf.default.accept_ra_rtr_pref = 0 -net.ipv6.conf.all.accept_ra_rtr_pref = 1 - +net.ipv6.conf.all.accept_ra_rtr_pref = 0 + # Learn Prefix Information in Router Advertisement net.ipv6.conf.default.accept_ra_pinfo = 0 -net.ipv6.conf.all.accept_ra_pinfo = 1 - +net.ipv6.conf.all.accept_ra_pinfo = 0 + # Setting controls whether the system will accept Hop Limit settings from a router advertisement net.ipv6.conf.default.accept_ra_defrtr = 0 -net.ipv6.conf.all.accept_ra_defrtr = 1 +net.ipv6.conf.all.accept_ra_defrtr = 0 #router advertisements can cause the system to assign a global unicast address to an interface net.ipv6.conf.default.autoconf = 0 -net.ipv6.conf.all.autoconf = 1 +net.ipv6.conf.all.autoconf = 0 #how many neighbor solicitations to send out per address? net.ipv6.conf.default.dad_transmits = 3 @@ -68,4 +70,4 @@ net.ipv6.conf.all.dad_transmits = 3 # How many global unicast IPv6 addresses can be assigned to each interface? net.ipv6.conf.default.max_addresses = 0 -net.ipv6.conf.all.max_addresses = 0 \ No newline at end of file +net.ipv6.conf.all.max_addresses = 0 diff --git a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork index 16b3f8c..623eba9 100755 --- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork +++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork 
@@ -136,10 +136,11 @@ else fi fi if [ -n "$wanon" ]; then - echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" > "$sysctlfile" + echo "net.ipv6.conf.$WANDEV.accept_ra=$wanon" > "$sysctlfile" + echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >> "$sysctlfile" echo "net.ipv6.conf.$WANDEV.accept_ra_pinfo=$wanon" >> "$sysctlfile" + echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >> "$sysctlfile" echo "net.ipv6.conf.$WANDEV.autoconf=$wanon" >> "$sysctlfile" - echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >> "$sysctlfile" # Set values for current session, so no reboot is required sysctl -p "$sysctlfile" fi
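Review bot: Adding net.ipv4.conf.all.rp_filter=1 in the @@ -18,6 +20,7 hunk of sysctl.conf turns on strict reverse-path filtering on every interface, not only on new ones, because the kernel uses the maximum of conf/all/rp_filter and the per-interface value when validating the source address. Any interface that legitimately receives packets whose return route leaves through a different interface will drop them from now on. Please state in the commit message that strict mode everywhere is intended, or leave `all` unset and enable rp_filter=1 only on the interfaces that need it.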
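Review bot: Switching net.ipv6.conf.all.accept_ra, accept_ra_pinfo, accept_ra_defrtr and autoconf to 0 in the @@ -38,29 +40,29 hunk does not by itself stop existing interfaces from processing router advertisements. For these keys the kernel consults the per-interface entry, and the `default` values are copied only into interfaces created after they are written, so an interface that already exists when sysctl.conf is loaded keeps whatever it had. If the goal is that only $WANDEV accepts RAs, set the keys to 0 explicitly on the other interfaces or make sure this file is applied before they are created. While touching the line, the comment above accept_ra_defrtr talks about Hop Limit, but that key controls whether a default router is learned from the RA; the comment should say so. The blank-line-only changes in this hunk look like whitespace churn and could be dropped.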
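Review bot: net.ipv6.conf.all.max_addresses = 0 in the @@ -68,4 +70,4 hunk is carried over with only the trailing newline fixed, but 0 does not mean "no addresses"; per the kernel documentation it disables the limit on autoconfigured addresses per interface. Since configurenetwork enables autoconf on $WANDEV, an unbounded limit is worth avoiding there. Consider a finite value, and reword the comment above these keys so that 0 is not read as a count.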
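Review bot: The new first echo in the configurenetwork hunk writes accept_ra=$wanon for $WANDEV, but accept_ra=1 is honoured only while IPv6 forwarding is disabled on that interface; with forwarding enabled the kernel needs accept_ra=2 to process router advertisements. The hunk does not show which values $wanon can take, so either document that the WAN interface never forwards IPv6 or map the enabled case to 2. The hunk also keeps writing net.ipv6.conf.$WANDEV.accept_ra_rtr_pref, the same key name that the sysctl errors quoted in this thread report as unknown for `default` and `all`; if the target kernel lacks it, sysctl -p "$sysctlfile" will log an error on every run, so that line should be dropped or guarded.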
Hi Robert,

I also thought about simply deleting them. But maybe someone knows how to REPLACE them?

Regards,
Adrian

> -----Original Message-----
> From: robert [mailto:rlanghammer@web.de]
> Sent: Tuesday, 30 January 2018 14:32
> To: Adrian Schmutzler <freifunk@adrianschmutzler.de>
> Subject: Re: [PATCH] sysctl.conf/configurenetwork: Harmonize "all" and "default"
>
> I also think it can be done this way. Set the accept_ra values explicitly when configuring.
>
> net.ipv6.conf.default.max_addresses = 0
> net.ipv6.conf.all.max_addresses = 0
> That should still come out; then the default value of 16 is set. I can't say why that was put in at some point.
>
> And this should go too, because of:
>
> sysctl: error: 'net.ipv6.conf.default.accept_ra_rtr_pref' is an unknown key
> sysctl: error: 'net.ipv6.conf.all.accept_ra_rtr_pref' is an unknown key
>
> And these no longer exist either:
>
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_max' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout_stream' is an unknown key
>
> These could be cleaned up at the same time.
>
> Robert
>
> On 30.01.2018 at 12:57, Adrian Schmutzler wrote:
> > This harmonizes settings for all and default and applies WAN-specific
> > settings only directly to the WAN interface by using configurenetwork.
> > > > Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> > > > > --- > > > > This patch requires the configurenetwork tidy-up patches beforehand. > > > > It effectively reverts most of the changes in > > > https://github.com/FreifunkFranken/firmware/commit/118d7d8236d6e3dc6 > 7a > > e68fa41a29fe96de21ac1#diff-e442ca9025162ec51dcb665a6f9e0327 > > > > For more info, see > > https://mantis.freifunk-franken.de/view.php?id=83 > > > > Note that this does NOT FIX the ULA IPv6 issue, but only prepares the > > way there. > > --- > > bsp/default/root_file_system/etc/sysctl.conf | 22 ++++++++++++------ > ---- > > .../fff-network/files/usr/sbin/configurenetwork | 5 +++-- > > 2 files changed, 15 insertions(+), 12 deletions(-) > > > > diff --git a/bsp/default/root_file_system/etc/sysctl.conf > > b/bsp/default/root_file_system/etc/sysctl.conf > > index f6d85a7..d1da18d 100644 > > --- a/bsp/default/root_file_system/etc/sysctl.conf > > +++ b/bsp/default/root_file_system/etc/sysctl.conf > > @@ -1,5 +1,7 @@ > > kernel.panic=3 > > net.ipv4.conf.default.arp_ignore=1 > > +net.ipv4.conf.default.forwarding=0 > > +net.ipv4.conf.default.send_redirects=0 > > net.ipv4.conf.all.arp_ignore=1 > > net.ipv4.conf.all.forwarding=0 > > net.ipv4.conf.all.send_redirects=0 > > @@ -18,6 +20,7 @@ net.netfilter.nf_conntrack_checksum=0 > > > > #Controls source route verification > > net.ipv4.conf.default.rp_filter=1 > > +net.ipv4.conf.all.rp_filter=1 > > > > #Do not accept source routing > > net.ipv4.conf.all.accept_source_route=0 > > @@ -27,7 +30,6 @@ net.ipv4.conf.default.accept_redirects=0 > > net.ipv4.icmp_echo_ignore_broadcasts=1 > > net.ipv4.icmp_ignore_bogus_error_responses=1 > > net.ipv4.ip_forward=0 > > -# net.ipv6.conf.all.forwarding=1 > > > > # disable bridge firewalling by default > > net.bridge.bridge-nf-call-arptables=0 
> > @@ -38,29 +40,29 @@ net.ipv6.conf.default.accept_dad=0 > > net.ipv6.conf.default.accept_ra=0 > > net.ipv6.conf.default.accept_redirects=0 > > net.ipv6.conf.all.accept_dad=0 > > -net.ipv6.conf.all.accept_ra=1 > > +net.ipv6.conf.all.accept_ra=0 > > net.ipv6.conf.all.accept_redirects=0 > > > > # Number of Router Solicitations to send until assuming no routers are > present. > > # This is host and not router > > net.ipv6.conf.default.router_solicitations = 0 > > net.ipv6.conf.all.router_solicitations = 0 > > - > > + > > # Accept Router Preference in RA? > > net.ipv6.conf.default.accept_ra_rtr_pref = 0 > > -net.ipv6.conf.all.accept_ra_rtr_pref = 1 > > - > > +net.ipv6.conf.all.accept_ra_rtr_pref = 0 > > + > > # Learn Prefix Information in Router Advertisement > > net.ipv6.conf.default.accept_ra_pinfo = 0 > > -net.ipv6.conf.all.accept_ra_pinfo = 1 > > - > > +net.ipv6.conf.all.accept_ra_pinfo = 0 > > + > > # Setting controls whether the system will accept Hop Limit settings > > from a router advertisement net.ipv6.conf.default.accept_ra_defrtr = > > 0 -net.ipv6.conf.all.accept_ra_defrtr = 1 > > +net.ipv6.conf.all.accept_ra_defrtr = 0 > > > > #router advertisements can cause the system to assign a global > > unicast address to an interface net.ipv6.conf.default.autoconf = 0 > > -net.ipv6.conf.all.autoconf = 1 > > +net.ipv6.conf.all.autoconf = 0 > > > > #how many neighbor solicitations to send out per address? > > net.ipv6.conf.default.dad_transmits = 3 @@ -68,4 +70,4 @@ > > net.ipv6.conf.all.dad_transmits = 3 > > > > # How many global unicast IPv6 addresses can be assigned to each > interface? > > net.ipv6.conf.default.max_addresses = 0 > > -net.ipv6.conf.all.max_addresses = 0 \ No newline at end of file > > +net.ipv6.conf.all.max_addresses = 0 > > diff --git > > a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork > > b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork > > index 16b3f8c..623eba9 100755 
> > --- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork > > +++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork > > @@ -136,10 +136,11 @@ else > > fi > > fi > > if [ -n "$wanon" ]; then > > - echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" > > "$sysctlfile" > > + echo "net.ipv6.conf.$WANDEV.accept_ra=$wanon" > "$sysctlfile" > > + echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >> > "$sysctlfile" > > echo "net.ipv6.conf.$WANDEV.accept_ra_pinfo=$wanon" >> > "$sysctlfile" > > + echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >> > "$sysctlfile" > > echo "net.ipv6.conf.$WANDEV.autoconf=$wanon" >> "$sysctlfile" > > - echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >> > "$sysctlfile" > > # Set values for current session, so no reboot is required > > sysctl -p "$sysctlfile" > > fi
This harmonizes settings for all and default and applies WAN-specific settings only directly to the WAN interface by using configurenetwork.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
---

This patch requires the configurenetwork tidy-up patches beforehand.

It effectively reverts most of the changes in
https://github.com/FreifunkFranken/firmware/commit/118d7d8236d6e3dc67ae68fa41a29fe96de21ac1#diff-e442ca9025162ec51dcb665a6f9e0327

For more info, see
https://mantis.freifunk-franken.de/view.php?id=83

Note that this does NOT FIX the ULA IPv6 issue, but only prepares the way there.
---
 bsp/default/root_file_system/etc/sysctl.conf | 22 ++++++++++++----------
 .../fff-network/files/usr/sbin/configurenetwork | 5 +++--
 2 files changed, 15 insertions(+), 12 deletions(-)