Message ID | 20180303203234.12546-1-tim@tn-x.org |
---|---|
State | Accepted |
diff --git a/bsp/default/root_file_system/etc/sysctl.conf b/bsp/default/root_file_system/etc/sysctl.conf
index f6d85a7..34ce708 100644
--- a/bsp/default/root_file_system/etc/sysctl.conf
+++ b/bsp/default/root_file_system/etc/sysctl.conf
@@ -1,71 +1 @@
 kernel.panic=3
-net.ipv4.conf.default.arp_ignore=1
-net.ipv4.conf.all.arp_ignore=1
-net.ipv4.conf.all.forwarding=0
-net.ipv4.conf.all.send_redirects=0
-net.ipv4.tcp_ecn=0
-net.ipv4.tcp_fin_timeout=30
-net.ipv4.tcp_keepalive_time=120
-net.ipv4.tcp_syncookies=1
-net.ipv4.tcp_timestamps=0
-net.ipv4.netfilter.ip_conntrack_checksum=0
-net.ipv4.netfilter.ip_conntrack_max=16384
-net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
-net.ipv4.netfilter.ip_conntrack_udp_timeout=60
-net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
-net.core.netdev_max_backlog=30
-net.netfilter.nf_conntrack_checksum=0
-
-#Controls source route verification
-net.ipv4.conf.default.rp_filter=1
-
-#Do not accept source routing
-net.ipv4.conf.all.accept_source_route=0
-net.ipv4.conf.all.accept_redirects=0
-net.ipv4.conf.default.accept_source_route=0
-net.ipv4.conf.default.accept_redirects=0
-net.ipv4.icmp_echo_ignore_broadcasts=1
-net.ipv4.icmp_ignore_bogus_error_responses=1
-net.ipv4.ip_forward=0
-# net.ipv6.conf.all.forwarding=1
-
-# disable bridge firewalling by default
-net.bridge.bridge-nf-call-arptables=0
-net.bridge.bridge-nf-call-ip6tables=0
-net.bridge.bridge-nf-call-iptables=0
-
-net.ipv6.conf.default.accept_dad=0
-net.ipv6.conf.default.accept_ra=0
-net.ipv6.conf.default.accept_redirects=0
-net.ipv6.conf.all.accept_dad=0
-net.ipv6.conf.all.accept_ra=1
-net.ipv6.conf.all.accept_redirects=0
-
-# Number of Router Solicitations to send until assuming no routers are present.
-# This is host and not router
-net.ipv6.conf.default.router_solicitations = 0
-net.ipv6.conf.all.router_solicitations = 0
-
-# Accept Router Preference in RA?
-net.ipv6.conf.default.accept_ra_rtr_pref = 0
-net.ipv6.conf.all.accept_ra_rtr_pref = 1
-
-# Learn Prefix Information in Router Advertisement
-net.ipv6.conf.default.accept_ra_pinfo = 0
-net.ipv6.conf.all.accept_ra_pinfo = 1
-
-# Setting controls whether the system will accept Hop Limit settings from a router advertisement
-net.ipv6.conf.default.accept_ra_defrtr = 0
-net.ipv6.conf.all.accept_ra_defrtr = 1
-
-#router advertisements can cause the system to assign a global unicast address to an interface
-net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.all.autoconf = 1
-
-#how many neighbor solicitations to send out per address?
-net.ipv6.conf.default.dad_transmits = 3
-net.ipv6.conf.all.dad_transmits = 3
-
-# How many global unicast IPv6 addresses can be assigned to each interface?
-net.ipv6.conf.default.max_addresses = 0
-net.ipv6.conf.all.max_addresses = 0
\ No newline at end of file
diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
new file mode 100644
index 0000000..5c61a73
--- /dev/null
+++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
@@ -0,0 +1,70 @@
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.conf.all.forwarding=0
+net.ipv4.conf.all.send_redirects=0
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=0
+net.ipv4.netfilter.ip_conntrack_checksum=0
+net.ipv4.netfilter.ip_conntrack_max=16384
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
+net.ipv4.netfilter.ip_conntrack_udp_timeout=60
+net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
+net.core.netdev_max_backlog=30
+net.netfilter.nf_conntrack_checksum=0
+
+#Controls source route verification
+net.ipv4.conf.default.rp_filter=1
+
+#Do not accept source routing
+net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.all.accept_redirects=0
+net.ipv4.conf.default.accept_source_route=0
+net.ipv4.conf.default.accept_redirects=0
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.ip_forward=0
+# net.ipv6.conf.all.forwarding=1
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
+
+net.ipv6.conf.default.accept_dad=0
+net.ipv6.conf.default.accept_ra=0
+net.ipv6.conf.default.accept_redirects=0
+net.ipv6.conf.all.accept_dad=0
+net.ipv6.conf.all.accept_ra=1
+net.ipv6.conf.all.accept_redirects=0
+
+# Number of Router Solicitations to send until assuming no routers are present.
+# This is host and not router
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.all.router_solicitations = 0
+
+# Accept Router Preference in RA?
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.all.accept_ra_rtr_pref = 1
+
+# Learn Prefix Information in Router Advertisement
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.all.accept_ra_pinfo = 1
+
+# Setting controls whether the system will accept Hop Limit settings from a router advertisement
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.all.accept_ra_defrtr = 1
+
+#router advertisements can cause the system to assign a global unicast address to an interface
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.all.autoconf = 1
+
+#how many neighbor solicitations to send out per address?
+net.ipv6.conf.default.dad_transmits = 3
+net.ipv6.conf.all.dad_transmits = 3
+
+# How many global unicast IPv6 addresses can be assigned to each interface?
+net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.all.max_addresses = 0
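Review bot: `net.ipv4.conf.default.rp_filter=1` in the new 50-fff-network.conf enables reverse-path filtering only in the `default` template, which is copied to interfaces created after the value is written, so interfaces that already exist when sysctl.d is processed may keep their previous setting. The kernel applies the higher of `conf.all.rp_filter` and the per-interface value, so adding `net.ipv4.conf.all.rp_filter=1` beside it would cover every interface, provided strict mode is compatible with the routing this firmware does. Separately, the comment above `accept_ra_defrtr` talks about Hop Limit, while that key controls whether a default router is learned from router advertisements; I would reword it to `# Learn default router from Router Advertisement`. The settings are moved verbatim from the old sysctl.conf, so both points predate this patch and could go in a follow-up.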
Hi Und applied. Tim Am Samstag, den 03.03.2018, 21:32 +0100 schrieb Tim Niemeyer: > Signed-off-by: Tim Niemeyer <tim@tn-x.org> > Reviewed-by: Robert Langhammer <rlanghammer@web.de> > Reviewed-by: Christian Dresel <fff@chrisi01.de> > Tested-by: Christian Dresel <fff@chrisi01.de> > --- > > Changes in v3: None > Changes in v2: None > > bsp/default/root_file_system/etc/sysctl.conf | 70 ------------ > ---------- > .../files/etc/sysctl.d/50-fff-network.conf | 70 > ++++++++++++++++++++++ > 2 files changed, 70 insertions(+), 70 deletions(-) > create mode 100644 src/packages/fff/fff- > network/files/etc/sysctl.d/50-fff-network.conf > > diff --git a/bsp/default/root_file_system/etc/sysctl.conf > b/bsp/default/root_file_system/etc/sysctl.conf > index f6d85a7..34ce708 100644 > --- a/bsp/default/root_file_system/etc/sysctl.conf > +++ b/bsp/default/root_file_system/etc/sysctl.conf 
> @@ -1,71 +1 @@ > kernel.panic=3 > -net.ipv4.conf.default.arp_ignore=1 > -net.ipv4.conf.all.arp_ignore=1 > -net.ipv4.conf.all.forwarding=0 > -net.ipv4.conf.all.send_redirects=0 > -net.ipv4.tcp_ecn=0 > -net.ipv4.tcp_fin_timeout=30 > -net.ipv4.tcp_keepalive_time=120 > -net.ipv4.tcp_syncookies=1 > -net.ipv4.tcp_timestamps=0 > -net.ipv4.netfilter.ip_conntrack_checksum=0 > -net.ipv4.netfilter.ip_conntrack_max=16384 > -net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 > -net.ipv4.netfilter.ip_conntrack_udp_timeout=60 > -net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 > -net.core.netdev_max_backlog=30 > -net.netfilter.nf_conntrack_checksum=0 > - > -#Controls source route verification > -net.ipv4.conf.default.rp_filter=1 > - > -#Do not accept source routing > -net.ipv4.conf.all.accept_source_route=0 > -net.ipv4.conf.all.accept_redirects=0 > -net.ipv4.conf.default.accept_source_route=0 > -net.ipv4.conf.default.accept_redirects=0 > -net.ipv4.icmp_echo_ignore_broadcasts=1 > -net.ipv4.icmp_ignore_bogus_error_responses=1 > -net.ipv4.ip_forward=0 > -# net.ipv6.conf.all.forwarding=1 > - > -# disable bridge firewalling by default > -net.bridge.bridge-nf-call-arptables=0 > -net.bridge.bridge-nf-call-ip6tables=0 > -net.bridge.bridge-nf-call-iptables=0 > - > -net.ipv6.conf.default.accept_dad=0 > -net.ipv6.conf.default.accept_ra=0 > -net.ipv6.conf.default.accept_redirects=0 > -net.ipv6.conf.all.accept_dad=0 > -net.ipv6.conf.all.accept_ra=1 > -net.ipv6.conf.all.accept_redirects=0 > - > -# Number of Router Solicitations to send until assuming no routers > are present. > -# This is host and not router > -net.ipv6.conf.default.router_solicitations = 0 > -net.ipv6.conf.all.router_solicitations = 0 > - > -# Accept Router Preference in RA? 
> -net.ipv6.conf.default.accept_ra_rtr_pref = 0 > -net.ipv6.conf.all.accept_ra_rtr_pref = 1 > - > -# Learn Prefix Information in Router Advertisement > -net.ipv6.conf.default.accept_ra_pinfo = 0 > -net.ipv6.conf.all.accept_ra_pinfo = 1 > - > -# Setting controls whether the system will accept Hop Limit settings > from a router advertisement > -net.ipv6.conf.default.accept_ra_defrtr = 0 > -net.ipv6.conf.all.accept_ra_defrtr = 1 > - > -#router advertisements can cause the system to assign a global > unicast address to an interface > -net.ipv6.conf.default.autoconf = 0 > -net.ipv6.conf.all.autoconf = 1 > - > -#how many neighbor solicitations to send out per address? > -net.ipv6.conf.default.dad_transmits = 3 > -net.ipv6.conf.all.dad_transmits = 3 > - > -# How many global unicast IPv6 addresses can be assigned to each > interface? > -net.ipv6.conf.default.max_addresses = 0 > -net.ipv6.conf.all.max_addresses = 0 > \ No newline at end of file > diff --git a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff- > network.conf b/src/packages/fff/fff-network/files/etc/sysctl.d/50- > fff-network.conf > new file mode 100644 > index 0000000..5c61a73 > --- /dev/null > +++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff- > network.conf 
> @@ -0,0 +1,70 @@ > +net.ipv4.conf.default.arp_ignore=1 > +net.ipv4.conf.all.arp_ignore=1 > +net.ipv4.conf.all.forwarding=0 > +net.ipv4.conf.all.send_redirects=0 > +net.ipv4.tcp_ecn=0 > +net.ipv4.tcp_fin_timeout=30 > +net.ipv4.tcp_keepalive_time=120 > +net.ipv4.tcp_syncookies=1 > +net.ipv4.tcp_timestamps=0 > +net.ipv4.netfilter.ip_conntrack_checksum=0 > +net.ipv4.netfilter.ip_conntrack_max=16384 > +net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600 > +net.ipv4.netfilter.ip_conntrack_udp_timeout=60 > +net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180 > +net.core.netdev_max_backlog=30 > +net.netfilter.nf_conntrack_checksum=0 > + > +#Controls source route verification > +net.ipv4.conf.default.rp_filter=1 > + > +#Do not accept source routing > +net.ipv4.conf.all.accept_source_route=0 > +net.ipv4.conf.all.accept_redirects=0 > +net.ipv4.conf.default.accept_source_route=0 > +net.ipv4.conf.default.accept_redirects=0 > +net.ipv4.icmp_echo_ignore_broadcasts=1 > +net.ipv4.icmp_ignore_bogus_error_responses=1 > +net.ipv4.ip_forward=0 > +# net.ipv6.conf.all.forwarding=1 > + > +# disable bridge firewalling by default > +net.bridge.bridge-nf-call-arptables=0 > +net.bridge.bridge-nf-call-ip6tables=0 > +net.bridge.bridge-nf-call-iptables=0 > + > +net.ipv6.conf.default.accept_dad=0 > +net.ipv6.conf.default.accept_ra=0 > +net.ipv6.conf.default.accept_redirects=0 > +net.ipv6.conf.all.accept_dad=0 > +net.ipv6.conf.all.accept_ra=1 > +net.ipv6.conf.all.accept_redirects=0 > + > +# Number of Router Solicitations to send until assuming no routers > are present. > +# This is host and not router > +net.ipv6.conf.default.router_solicitations = 0 > +net.ipv6.conf.all.router_solicitations = 0 > + > +# Accept Router Preference in RA? 
> +net.ipv6.conf.default.accept_ra_rtr_pref = 0 > +net.ipv6.conf.all.accept_ra_rtr_pref = 1 > + > +# Learn Prefix Information in Router Advertisement > +net.ipv6.conf.default.accept_ra_pinfo = 0 > +net.ipv6.conf.all.accept_ra_pinfo = 1 > + > +# Setting controls whether the system will accept Hop Limit settings > from a router advertisement > +net.ipv6.conf.default.accept_ra_defrtr = 0 > +net.ipv6.conf.all.accept_ra_defrtr = 1 > + > +#router advertisements can cause the system to assign a global > unicast address to an interface > +net.ipv6.conf.default.autoconf = 0 > +net.ipv6.conf.all.autoconf = 1 > + > +#how many neighbor solicitations to send out per address? > +net.ipv6.conf.default.dad_transmits = 3 > +net.ipv6.conf.all.dad_transmits = 3 > + > +# How many global unicast IPv6 addresses can be assigned to each > interface? > +net.ipv6.conf.default.max_addresses = 0 > +net.ipv6.conf.all.max_addresses = 0