Message ID | 20180303171136.9423-1-tim@tn-x.org |
---|---|
State | Superseded |
diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf
index f6d85a7..34ce708 100644
--- a/bsp/default/root_file_system/etc/sysctl.conf
+++ b/bsp/default/root_file_system/etc/sysctl.conf
@@ -1,71 +1 @@
 kernel.panic=3
-net.ipv4.conf.default.arp_ignore=1
-net.ipv4.conf.all.arp_ignore=1
-net.ipv4.conf.all.forwarding=0
-net.ipv4.conf.all.send_redirects=0
-net.ipv4.tcp_ecn=0
-net.ipv4.tcp_fin_timeout=30
-net.ipv4.tcp_keepalive_time=120
-net.ipv4.tcp_syncookies=1
-net.ipv4.tcp_timestamps=0
-net.ipv4.netfilter.ip_conntrack_checksum=0
-net.ipv4.netfilter.ip_conntrack_max=16384
-net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
-net.ipv4.netfilter.ip_conntrack_udp_timeout=60
-net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
-net.core.netdev_max_backlog=30
-net.netfilter.nf_conntrack_checksum=0
-
-#Controls source route verification
-net.ipv4.conf.default.rp_filter=1
-
-#Do not accept source routing
-net.ipv4.conf.all.accept_source_route=0
-net.ipv4.conf.all.accept_redirects=0
-net.ipv4.conf.default.accept_source_route=0
-net.ipv4.conf.default.accept_redirects=0
-net.ipv4.icmp_echo_ignore_broadcasts=1
-net.ipv4.icmp_ignore_bogus_error_responses=1
-net.ipv4.ip_forward=0
-# net.ipv6.conf.all.forwarding=1
-
-# disable bridge firewalling by default
-net.bridge.bridge-nf-call-arptables=0
-net.bridge.bridge-nf-call-ip6tables=0
-net.bridge.bridge-nf-call-iptables=0
-
-net.ipv6.conf.default.accept_dad=0
-net.ipv6.conf.default.accept_ra=0
-net.ipv6.conf.default.accept_redirects=0
-net.ipv6.conf.all.accept_dad=0
-net.ipv6.conf.all.accept_ra=1
-net.ipv6.conf.all.accept_redirects=0
-
-# Number of Router Solicitations to send until assuming no routers are present.
-# This is host and not router
-net.ipv6.conf.default.router_solicitations = 0
-net.ipv6.conf.all.router_solicitations = 0
-
-# Accept Router Preference in RA?
-net.ipv6.conf.default.accept_ra_rtr_pref = 0
-net.ipv6.conf.all.accept_ra_rtr_pref = 1
-
-# Learn Prefix Information in Router Advertisement
-net.ipv6.conf.default.accept_ra_pinfo = 0
-net.ipv6.conf.all.accept_ra_pinfo = 1
-
-# Setting controls whether the system will accept Hop Limit settings from a router advertisement
-net.ipv6.conf.default.accept_ra_defrtr = 0
-net.ipv6.conf.all.accept_ra_defrtr = 1
-
-#router advertisements can cause the system to assign a global unicast address to an interface
-net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.all.autoconf = 1
-
-#how many neighbor solicitations to send out per address?
-net.ipv6.conf.default.dad_transmits = 3
-net.ipv6.conf.all.dad_transmits = 3
-
-# How many global unicast IPv6 addresses can be assigned to each interface?
-net.ipv6.conf.default.max_addresses = 0
-net.ipv6.conf.all.max_addresses = 0
\ No newline at end of file
diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
new file mode 100644
index 0000000..5c61a73
--- /dev/null
+++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
@@ -0,0 +1,70 @@
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.conf.all.forwarding=0
+net.ipv4.conf.all.send_redirects=0
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+
+#Controls source route verification
+net.ipv4.conf.default.rp_filter=1
+
+#Do not accept source routing
+net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.all.accept_redirects=0
+net.ipv4.conf.default.accept_source_route=0
+net.ipv4.conf.default.accept_redirects=0
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.ip_forward=0
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
+
+net.ipv6.conf.default.accept_dad=0
+net.ipv6.conf.default.accept_ra=0
+net.ipv6.conf.default.accept_redirects=0
+net.ipv6.conf.all.accept_dad=0
+net.ipv6.conf.all.accept_ra=1
+net.ipv6.conf.all.accept_redirects=0
+
+# Number of Router Solicitations to send until assuming no routers are present.
+# This is host and not router
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.all.router_solicitations = 0
+
+# Accept Router Preference in RA?
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.all.accept_ra_rtr_pref = 1
+
+# Learn Prefix Information in Router Advertisement
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.all.accept_ra_pinfo = 1
+
+# Setting controls whether the system will accept Hop Limit settings from a router advertisement
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.all.accept_ra_defrtr = 1
+
+#router advertisements can cause the system to assign a global unicast address to an interface
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.all.autoconf = 1
+
+#how many neighbor solicitations to send out per address?
+net.ipv6.conf.default.dad_transmits = 3
+net.ipv6.conf.all.dad_transmits = 3
+
+# How many global unicast IPv6 addresses can be assigned to each interface?
+net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.all.max_addresses = 0
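Review bot: The last two lines of the new 50-fff-network.conf, `net.ipv6.conf.default.max_addresses = 0` and `net.ipv6.conf.all.max_addresses = 0`, do not limit addresses to zero; in the kernel's ip-sysctl documentation a value of 0 disables the per-interface cap on autoconfigured addresses, which the documentation advises against. The values are carried over unchanged from the old sysctl.conf, but because the same file sets `all.accept_ra`, `all.accept_ra_pinfo` and `all.autoconf` to 1, an interface that does accept router advertisements could have addresses created without bound; consider dropping the two lines or setting an explicit small limit such as the kernel default, `net.ipv6.conf.all.max_addresses = 16`. The comment above `accept_ra_defrtr` also speaks of Hop Limit, whereas that key controls whether a default router is learned from an RA, so `# Learn default router from Router Advertisement` would describe it correctly.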
Hi Tim, du hast ja alles eingebaut was ich vorgeschlagen hab :) drum sofort ein Reviewed-by: Robert Langhgammer <rlanghammer@web.de> von mir fuer das ganze Patchset. Am 03.03.2018 um 18:11 schrieb Tim Niemeyer: > Signed-off-by: Tim Niemeyer <tim@tn-x.org> > --- > > Changes in v2: None > > bsp/default/root_file_system/etc/sysctl.conf | 70 ---------------------- > .../files/etc/sysctl.d/50-fff-network.conf | 70 ++++++++++++++++++++++ > 2 files changed, 70 insertions(+), 70 deletions(-) > create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf > > diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf > index f6d85a7..34ce708 100644 > --- a/bsp/default/root_file_system/etc/sysctl.conf > +++ b/bsp/default/root_file_system/etc/sysctl.conf 
> @@ -1,71 +1 @@ > kernel.panic=3 > -net.ipv4.conf.default.arp_ignore=1 > -net.ipv4.conf.all.arp_ignore=1 > -net.ipv4.conf.all.forwarding=0 > -net.ipv4.conf.all.send_redirects=0 > -net.ipv4.tcp_ecn=0 > -net.ipv4.tcp_fin_timeout=30 > -net.ipv4.tcp_keepalive_time=120 > -net.ipv4.tcp_syncookies=1 > -net.ipv4.tcp_timestamps=0 > -net.ipv4.netfilter.ip_conntrack_checksum=0 > -net.ipv4.netfilter.ip_conntrack_max=16384 > -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 > -net.ipv4.netfilter.ip_conntrack_udp_timeout=60 > -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 > -net.core.netdev_max_backlog=30 > -net.netfilter.nf_conntrack_checksum=0 > - > -#Controls source route verification > -net.ipv4.conf.default.rp_filter=1 > - > -#Do not accept source routing > -net.ipv4.conf.all.accept_source_route=0 > -net.ipv4.conf.all.accept_redirects=0 > -net.ipv4.conf.default.accept_source_route=0 > -net.ipv4.conf.default.accept_redirects=0 > -net.ipv4.icmp_echo_ignore_broadcasts=1 > -net.ipv4.icmp_ignore_bogus_error_responses=1 > -net.ipv4.ip_forward=0 > -# net.ipv6.conf.all.forwarding=1 > - > -# disable bridge firewalling by default > -net.bridge.bridge-nf-call-arptables=0 > -net.bridge.bridge-nf-call-ip6tables=0 > -net.bridge.bridge-nf-call-iptables=0 > - > -net.ipv6.conf.default.accept_dad=0 > -net.ipv6.conf.default.accept_ra=0 > -net.ipv6.conf.default.accept_redirects=0 > -net.ipv6.conf.all.accept_dad=0 > -net.ipv6.conf.all.accept_ra=1 > -net.ipv6.conf.all.accept_redirects=0 > - > -# Number of Router Solicitations to send until assuming no routers are present. > -# This is host and not router > -net.ipv6.conf.default.router_solicitations = 0 > -net.ipv6.conf.all.router_solicitations = 0 > - > -# Accept Router Preference in RA? 
> -net.ipv6.conf.default.accept_ra_rtr_pref = 0 > -net.ipv6.conf.all.accept_ra_rtr_pref = 1 > - > -# Learn Prefix Information in Router Advertisement > -net.ipv6.conf.default.accept_ra_pinfo = 0 > -net.ipv6.conf.all.accept_ra_pinfo = 1 > - > -# Setting controls whether the system will accept Hop Limit settings from a router advertisement > -net.ipv6.conf.default.accept_ra_defrtr = 0 > -net.ipv6.conf.all.accept_ra_defrtr = 1 > - > -#router advertisements can cause the system to assign a global unicast address to an interface > -net.ipv6.conf.default.autoconf = 0 > -net.ipv6.conf.all.autoconf = 1 > - > -#how many neighbor solicitations to send out per address? > -net.ipv6.conf.default.dad_transmits = 3 > -net.ipv6.conf.all.dad_transmits = 3 > - > -# How many global unicast IPv6 addresses can be assigned to each interface? > -net.ipv6.conf.default.max_addresses = 0 > -net.ipv6.conf.all.max_addresses = 0 > \ No newline at end of file > diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf > new file mode 100644 > index 0000000..5c61a73 > --- /dev/null > +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf 
> @@ -0,0 +1,70 @@ > +net.ipv4.conf.default.arp_ignore=1 > +net.ipv4.conf.all.arp_ignore=1 > +net.ipv4.conf.all.forwarding=0 > +net.ipv4.conf.all.send_redirects=0 > +net.ipv4.tcp_ecn=0 > +net.ipv4.tcp_fin_timeout=30 > +net.ipv4.tcp_keepalive_time=120 > +net.ipv4.tcp_syncookies=1 > +net.ipv4.tcp_timestamps=0 > +net.ipv4.netfilter.ip_conntrack_checksum=0 > +net.ipv4.netfilter.ip_conntrack_max=16384 > +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 > +net.ipv4.netfilter.ip_conntrack_udp_timeout=60 > +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 > +net.core.netdev_max_backlog=30 > +net.netfilter.nf_conntrack_checksum=0 > + > +#Controls source route verification > +net.ipv4.conf.default.rp_filter=1 > + > +#Do not accept source routing > +net.ipv4.conf.all.accept_source_route=0 > +net.ipv4.conf.all.accept_redirects=0 > +net.ipv4.conf.default.accept_source_route=0 > +net.ipv4.conf.default.accept_redirects=0 > +net.ipv4.icmp_echo_ignore_broadcasts=1 > +net.ipv4.icmp_ignore_bogus_error_responses=1 > +net.ipv4.ip_forward=0 > +# net.ipv6.conf.all.forwarding=1 > + > +# disable bridge firewalling by default > +net.bridge.bridge-nf-call-arptables=0 > +net.bridge.bridge-nf-call-ip6tables=0 > +net.bridge.bridge-nf-call-iptables=0 > + > +net.ipv6.conf.default.accept_dad=0 > +net.ipv6.conf.default.accept_ra=0 > +net.ipv6.conf.default.accept_redirects=0 > +net.ipv6.conf.all.accept_dad=0 > +net.ipv6.conf.all.accept_ra=1 > +net.ipv6.conf.all.accept_redirects=0 > + > +# Number of Router Solicitations to send until assuming no routers are present. > +# This is host and not router > +net.ipv6.conf.default.router_solicitations = 0 > +net.ipv6.conf.all.router_solicitations = 0 > + > +# Accept Router Preference in RA? 
> +net.ipv6.conf.default.accept_ra_rtr_pref = 0 > +net.ipv6.conf.all.accept_ra_rtr_pref = 1 > + > +# Learn Prefix Information in Router Advertisement > +net.ipv6.conf.default.accept_ra_pinfo = 0 > +net.ipv6.conf.all.accept_ra_pinfo = 1 > + > +# Setting controls whether the system will accept Hop Limit settings from a router advertisement > +net.ipv6.conf.default.accept_ra_defrtr = 0 > +net.ipv6.conf.all.accept_ra_defrtr = 1 > + > +#router advertisements can cause the system to assign a global unicast address to an interface > +net.ipv6.conf.default.autoconf = 0 > +net.ipv6.conf.all.autoconf = 1 > + > +#how many neighbor solicitations to send out per address? > +net.ipv6.conf.default.dad_transmits = 3 > +net.ipv6.conf.all.dad_transmits = 3 > + > +# How many global unicast IPv6 addresses can be assigned to each interface? > +net.ipv6.conf.default.max_addresses = 0 > +net.ipv6.conf.all.max_addresses = 0
Hi ich häng mich dran, wenn das "w" das zuviel da war noch gefixt wird (wie bereits in deiner Mail erwähnt) dann ein: Reviewed-by: Christian Dresel <fff@chrisi01.de> Tested-by: Christian Dresel <fff@chrisi01.de> getestet auf einen wr841v10 mit dem manuell entfernten "w". mfg Christian On 03.03.2018 19:07, robert wrote: > Hi Tim, > > du hast ja alles eingebaut was ich vorgeschlagen hab :) drum sofort ein > > Reviewed-by: Robert Langhgammer <rlanghammer@web.de> > > von mir fuer das ganze Patchset. > > Am 03.03.2018 um 18:11 schrieb Tim Niemeyer: >> Signed-off-by: Tim Niemeyer <tim@tn-x.org> >> --- >> >> Changes in v2: None >> >> bsp/default/root_file_system/etc/sysctl.conf | 70 ---------------------- >> .../files/etc/sysctl.d/50-fff-network.conf | 70 ++++++++++++++++++++++ >> 2 files changed, 70 insertions(+), 70 deletions(-) >> create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf >> >> diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf >> index f6d85a7..34ce708 100644 >> --- a/bsp/default/root_file_system/etc/sysctl.conf >> +++ b/bsp/default/root_file_system/etc/sysctl.conf 
>> @@ -1,71 +1 @@ >> kernel.panic=3 >> -net.ipv4.conf.default.arp_ignore=1 >> -net.ipv4.conf.all.arp_ignore=1 >> -net.ipv4.conf.all.forwarding=0 >> -net.ipv4.conf.all.send_redirects=0 >> -net.ipv4.tcp_ecn=0 >> -net.ipv4.tcp_fin_timeout=30 >> -net.ipv4.tcp_keepalive_time=120 >> -net.ipv4.tcp_syncookies=1 >> -net.ipv4.tcp_timestamps=0 >> -net.ipv4.netfilter.ip_conntrack_checksum=0 >> -net.ipv4.netfilter.ip_conntrack_max=16384 >> -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 >> -net.ipv4.netfilter.ip_conntrack_udp_timeout=60 >> -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 >> -net.core.netdev_max_backlog=30 >> -net.netfilter.nf_conntrack_checksum=0 >> - >> -#Controls source route verification >> -net.ipv4.conf.default.rp_filter=1 >> - >> -#Do not accept source routing >> -net.ipv4.conf.all.accept_source_route=0 >> -net.ipv4.conf.all.accept_redirects=0 >> -net.ipv4.conf.default.accept_source_route=0 >> -net.ipv4.conf.default.accept_redirects=0 >> -net.ipv4.icmp_echo_ignore_broadcasts=1 >> -net.ipv4.icmp_ignore_bogus_error_responses=1 >> -net.ipv4.ip_forward=0 >> -# net.ipv6.conf.all.forwarding=1 >> - >> -# disable bridge firewalling by default >> -net.bridge.bridge-nf-call-arptables=0 >> -net.bridge.bridge-nf-call-ip6tables=0 >> -net.bridge.bridge-nf-call-iptables=0 >> - >> -net.ipv6.conf.default.accept_dad=0 >> -net.ipv6.conf.default.accept_ra=0 >> -net.ipv6.conf.default.accept_redirects=0 >> -net.ipv6.conf.all.accept_dad=0 >> -net.ipv6.conf.all.accept_ra=1 >> -net.ipv6.conf.all.accept_redirects=0 >> - >> -# Number of Router Solicitations to send until assuming no routers are present. >> -# This is host and not router >> -net.ipv6.conf.default.router_solicitations = 0 >> -net.ipv6.conf.all.router_solicitations = 0 >> - >> -# Accept Router Preference in RA? 
>> -net.ipv6.conf.default.accept_ra_rtr_pref = 0 >> -net.ipv6.conf.all.accept_ra_rtr_pref = 1 >> - >> -# Learn Prefix Information in Router Advertisement >> -net.ipv6.conf.default.accept_ra_pinfo = 0 >> -net.ipv6.conf.all.accept_ra_pinfo = 1 >> - >> -# Setting controls whether the system will accept Hop Limit settings from a router advertisement >> -net.ipv6.conf.default.accept_ra_defrtr = 0 >> -net.ipv6.conf.all.accept_ra_defrtr = 1 >> - >> -#router advertisements can cause the system to assign a global unicast address to an interface >> -net.ipv6.conf.default.autoconf = 0 >> -net.ipv6.conf.all.autoconf = 1 >> - >> -#how many neighbor solicitations to send out per address? >> -net.ipv6.conf.default.dad_transmits = 3 >> -net.ipv6.conf.all.dad_transmits = 3 >> - >> -# How many global unicast IPv6 addresses can be assigned to each interface? >> -net.ipv6.conf.default.max_addresses = 0 >> -net.ipv6.conf.all.max_addresses = 0 >> \ No newline at end of file >> diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf >> new file mode 100644 >> index 0000000..5c61a73 >> --- /dev/null >> +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf 
>> @@ -0,0 +1,70 @@ >> +net.ipv4.conf.default.arp_ignore=1 >> +net.ipv4.conf.all.arp_ignore=1 >> +net.ipv4.conf.all.forwarding=0 >> +net.ipv4.conf.all.send_redirects=0 >> +net.ipv4.tcp_ecn=0 >> +net.ipv4.tcp_fin_timeout=30 >> +net.ipv4.tcp_keepalive_time=120 >> +net.ipv4.tcp_syncookies=1 >> +net.ipv4.tcp_timestamps=0 >> +net.ipv4.netfilter.ip_conntrack_checksum=0 >> +net.ipv4.netfilter.ip_conntrack_max=16384 >> +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 >> +net.ipv4.netfilter.ip_conntrack_udp_timeout=60 >> +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 >> +net.core.netdev_max_backlog=30 >> +net.netfilter.nf_conntrack_checksum=0 >> + >> +#Controls source route verification >> +net.ipv4.conf.default.rp_filter=1 >> + >> +#Do not accept source routing >> +net.ipv4.conf.all.accept_source_route=0 >> +net.ipv4.conf.all.accept_redirects=0 >> +net.ipv4.conf.default.accept_source_route=0 >> +net.ipv4.conf.default.accept_redirects=0 >> +net.ipv4.icmp_echo_ignore_broadcasts=1 >> +net.ipv4.icmp_ignore_bogus_error_responses=1 >> +net.ipv4.ip_forward=0 >> +# net.ipv6.conf.all.forwarding=1 >> + >> +# disable bridge firewalling by default >> +net.bridge.bridge-nf-call-arptables=0 >> +net.bridge.bridge-nf-call-ip6tables=0 >> +net.bridge.bridge-nf-call-iptables=0 >> + >> +net.ipv6.conf.default.accept_dad=0 >> +net.ipv6.conf.default.accept_ra=0 >> +net.ipv6.conf.default.accept_redirects=0 >> +net.ipv6.conf.all.accept_dad=0 >> +net.ipv6.conf.all.accept_ra=1 >> +net.ipv6.conf.all.accept_redirects=0 >> + >> +# Number of Router Solicitations to send until assuming no routers are present. >> +# This is host and not router >> +net.ipv6.conf.default.router_solicitations = 0 >> +net.ipv6.conf.all.router_solicitations = 0 >> + >> +# Accept Router Preference in RA? 
>> +net.ipv6.conf.default.accept_ra_rtr_pref = 0 >> +net.ipv6.conf.all.accept_ra_rtr_pref = 1 >> + >> +# Learn Prefix Information in Router Advertisement >> +net.ipv6.conf.default.accept_ra_pinfo = 0 >> +net.ipv6.conf.all.accept_ra_pinfo = 1 >> + >> +# Setting controls whether the system will accept Hop Limit settings from a router advertisement >> +net.ipv6.conf.default.accept_ra_defrtr = 0 >> +net.ipv6.conf.all.accept_ra_defrtr = 1 >> + >> +#router advertisements can cause the system to assign a global unicast address to an interface >> +net.ipv6.conf.default.autoconf = 0 >> +net.ipv6.conf.all.autoconf = 1 >> + >> +#how many neighbor solicitations to send out per address? >> +net.ipv6.conf.default.dad_transmits = 3 >> +net.ipv6.conf.all.dad_transmits = 3 >> + >> +# How many global unicast IPv6 addresses can be assigned to each interface? >> +net.ipv6.conf.default.max_addresses = 0 >> +net.ipv6.conf.all.max_addresses = 0 >
vergessen... gitl natürlich auch für das ganze Set On 03.03.2018 21:27, Christian Dresel wrote: > Hi > > ich häng mich dran, wenn das "w" das zuviel da war noch gefixt wird (wie > bereits in deiner Mail erwähnt) dann ein: > > Reviewed-by: Christian Dresel <fff@chrisi01.de> > Tested-by: Christian Dresel <fff@chrisi01.de> > getestet auf einen wr841v10 mit dem manuell entfernten "w". > > mfg > > Christian > > On 03.03.2018 19:07, robert wrote: >> Hi Tim, >> >> du hast ja alles eingebaut was ich vorgeschlagen hab :) drum sofort ein >> >> Reviewed-by: Robert Langhgammer <rlanghammer@web.de> >> >> von mir fuer das ganze Patchset. >> >> Am 03.03.2018 um 18:11 schrieb Tim Niemeyer: >>> Signed-off-by: Tim Niemeyer <tim@tn-x.org> >>> --- >>> >>> Changes in v2: None >>> >>> bsp/default/root_file_system/etc/sysctl.conf | 70 ---------------------- >>> .../files/etc/sysctl.d/50-fff-network.conf | 70 ++++++++++++++++++++++ >>> 2 files changed, 70 insertions(+), 70 deletions(-) >>> create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf >>> >>> diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf >>> index f6d85a7..34ce708 100644 >>> --- a/bsp/default/root_file_system/etc/sysctl.conf >>> +++ b/bsp/default/root_file_system/etc/sysctl.conf 
>>> @@ -1,71 +1 @@ >>> kernel.panic=3 >>> -net.ipv4.conf.default.arp_ignore=1 >>> -net.ipv4.conf.all.arp_ignore=1 >>> -net.ipv4.conf.all.forwarding=0 >>> -net.ipv4.conf.all.send_redirects=0 >>> -net.ipv4.tcp_ecn=0 >>> -net.ipv4.tcp_fin_timeout=30 >>> -net.ipv4.tcp_keepalive_time=120 >>> -net.ipv4.tcp_syncookies=1 >>> -net.ipv4.tcp_timestamps=0 >>> -net.ipv4.netfilter.ip_conntrack_checksum=0 >>> -net.ipv4.netfilter.ip_conntrack_max=16384 >>> -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 >>> -net.ipv4.netfilter.ip_conntrack_udp_timeout=60 >>> -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 >>> -net.core.netdev_max_backlog=30 >>> -net.netfilter.nf_conntrack_checksum=0 >>> - >>> -#Controls source route verification >>> -net.ipv4.conf.default.rp_filter=1 >>> - >>> -#Do not accept source routing >>> -net.ipv4.conf.all.accept_source_route=0 >>> -net.ipv4.conf.all.accept_redirects=0 >>> -net.ipv4.conf.default.accept_source_route=0 >>> -net.ipv4.conf.default.accept_redirects=0 >>> -net.ipv4.icmp_echo_ignore_broadcasts=1 >>> -net.ipv4.icmp_ignore_bogus_error_responses=1 >>> -net.ipv4.ip_forward=0 >>> -# net.ipv6.conf.all.forwarding=1 >>> - >>> -# disable bridge firewalling by default >>> -net.bridge.bridge-nf-call-arptables=0 >>> -net.bridge.bridge-nf-call-ip6tables=0 >>> -net.bridge.bridge-nf-call-iptables=0 >>> - >>> -net.ipv6.conf.default.accept_dad=0 >>> -net.ipv6.conf.default.accept_ra=0 >>> -net.ipv6.conf.default.accept_redirects=0 >>> -net.ipv6.conf.all.accept_dad=0 >>> -net.ipv6.conf.all.accept_ra=1 >>> -net.ipv6.conf.all.accept_redirects=0 >>> - >>> -# Number of Router Solicitations to send until assuming no routers are present. >>> -# This is host and not router >>> -net.ipv6.conf.default.router_solicitations = 0 >>> -net.ipv6.conf.all.router_solicitations = 0 >>> - >>> -# Accept Router Preference in RA? 
>>> -net.ipv6.conf.default.accept_ra_rtr_pref = 0 >>> -net.ipv6.conf.all.accept_ra_rtr_pref = 1 >>> - >>> -# Learn Prefix Information in Router Advertisement >>> -net.ipv6.conf.default.accept_ra_pinfo = 0 >>> -net.ipv6.conf.all.accept_ra_pinfo = 1 >>> - >>> -# Setting controls whether the system will accept Hop Limit settings from a router advertisement >>> -net.ipv6.conf.default.accept_ra_defrtr = 0 >>> -net.ipv6.conf.all.accept_ra_defrtr = 1 >>> - >>> -#router advertisements can cause the system to assign a global unicast address to an interface >>> -net.ipv6.conf.default.autoconf = 0 >>> -net.ipv6.conf.all.autoconf = 1 >>> - >>> -#how many neighbor solicitations to send out per address? >>> -net.ipv6.conf.default.dad_transmits = 3 >>> -net.ipv6.conf.all.dad_transmits = 3 >>> - >>> -# How many global unicast IPv6 addresses can be assigned to each interface? >>> -net.ipv6.conf.default.max_addresses = 0 >>> -net.ipv6.conf.all.max_addresses = 0 >>> \ No newline at end of file >>> diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf >>> new file mode 100644 >>> index 0000000..5c61a73 >>> --- /dev/null >>> +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf 
>>> @@ -0,0 +1,70 @@ >>> +net.ipv4.conf.default.arp_ignore=1 >>> +net.ipv4.conf.all.arp_ignore=1 >>> +net.ipv4.conf.all.forwarding=0 >>> +net.ipv4.conf.all.send_redirects=0 >>> +net.ipv4.tcp_ecn=0 >>> +net.ipv4.tcp_fin_timeout=30 >>> +net.ipv4.tcp_keepalive_time=120 >>> +net.ipv4.tcp_syncookies=1 >>> +net.ipv4.tcp_timestamps=0 >>> +net.ipv4.netfilter.ip_conntrack_checksum=0 >>> +net.ipv4.netfilter.ip_conntrack_max=16384 >>> +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 >>> +net.ipv4.netfilter.ip_conntrack_udp_timeout=60 >>> +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 >>> +net.core.netdev_max_backlog=30 >>> +net.netfilter.nf_conntrack_checksum=0 >>> + >>> +#Controls source route verification >>> +net.ipv4.conf.default.rp_filter=1 >>> + >>> +#Do not accept source routing >>> +net.ipv4.conf.all.accept_source_route=0 >>> +net.ipv4.conf.all.accept_redirects=0 >>> +net.ipv4.conf.default.accept_source_route=0 >>> +net.ipv4.conf.default.accept_redirects=0 >>> +net.ipv4.icmp_echo_ignore_broadcasts=1 >>> +net.ipv4.icmp_ignore_bogus_error_responses=1 >>> +net.ipv4.ip_forward=0 >>> +# net.ipv6.conf.all.forwarding=1 >>> + >>> +# disable bridge firewalling by default >>> +net.bridge.bridge-nf-call-arptables=0 >>> +net.bridge.bridge-nf-call-ip6tables=0 >>> +net.bridge.bridge-nf-call-iptables=0 >>> + >>> +net.ipv6.conf.default.accept_dad=0 >>> +net.ipv6.conf.default.accept_ra=0 >>> +net.ipv6.conf.default.accept_redirects=0 >>> +net.ipv6.conf.all.accept_dad=0 >>> +net.ipv6.conf.all.accept_ra=1 >>> +net.ipv6.conf.all.accept_redirects=0 >>> + >>> +# Number of Router Solicitations to send until assuming no routers are present. >>> +# This is host and not router >>> +net.ipv6.conf.default.router_solicitations = 0 >>> +net.ipv6.conf.all.router_solicitations = 0 >>> + >>> +# Accept Router Preference in RA? 
>>> +net.ipv6.conf.default.accept_ra_rtr_pref = 0 >>> +net.ipv6.conf.all.accept_ra_rtr_pref = 1 >>> + >>> +# Learn Prefix Information in Router Advertisement >>> +net.ipv6.conf.default.accept_ra_pinfo = 0 >>> +net.ipv6.conf.all.accept_ra_pinfo = 1 >>> + >>> +# Setting controls whether the system will accept Hop Limit settings from a router advertisement >>> +net.ipv6.conf.default.accept_ra_defrtr = 0 >>> +net.ipv6.conf.all.accept_ra_defrtr = 1 >>> + >>> +#router advertisements can cause the system to assign a global unicast address to an interface >>> +net.ipv6.conf.default.autoconf = 0 >>> +net.ipv6.conf.all.autoconf = 1 >>> + >>> +#how many neighbor solicitations to send out per address? >>> +net.ipv6.conf.default.dad_transmits = 3 >>> +net.ipv6.conf.all.dad_transmits = 3 >>> + >>> +# How many global unicast IPv6 addresses can be assigned to each interface? >>> +net.ipv6.conf.default.max_addresses = 0 >>> +net.ipv6.conf.all.max_addresses = 0 >> > > >
Signed-off-by: Tim Niemeyer <tim@tn-x.org> --- Changes in v2: None bsp/default/root_file_system/etc/sysctl.conf | 70 ---------------------- .../files/etc/sysctl.d/50-fff-network.conf | 70 ++++++++++++++++++++++ 2 files changed, 70 insertions(+), 70 deletions(-) create mode 100644 src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf