Skip to content

Commit

Permalink
T671: move IPv6 setup from rl-system to sysctl
Browse files Browse the repository at this point in the history
  • Loading branch information
@c-po
c-po committed Jan 17, 2021
1 parent b74daed commit 0b6e833
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 27 deletions.
24 changes: 0 additions & 24 deletions scripts/rl-system.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,29 +118,6 @@ create_ssh_host_keys () {
fi;
}

set_ipv6_params ()
{
rm -f /var/run/vyatta/ipv6_no_fwd.*

# difficult to set new default values for IPV6 earlier
if [ ! -d /proc/sys/net/ipv6 ]; then
# Skip it if IPv6 is not loaded
return
fi

# Increase route table limit
echo 262144 >/proc/sys/net/ipv6/route/max_size

# These values all should be disabled
for p in accept_source_route accept_redirects
do
for d in /proc/sys/net/ipv6/conf/*
do
echo 0 > $d/$p
done
done
}

# These are all the default security setting which are later
# overridden when configuration is read. These are the values the
# system defaults.
Expand Down Expand Up @@ -177,7 +154,6 @@ start () {
add_new_serial_if || \
log_failure_msg "can\'t add serial interfaces"

set_ipv6_params
security_reset

update_version_info
Expand Down
10 changes: 7 additions & 3 deletions sysconf/vyatta-sysctl.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,16 +54,17 @@ net.ipv4.conf.default.rp_filter=0
# Enable tcp syn-cookies by default
net.ipv4.tcp_syncookies=1

# Disable accept_redirects for all
net.ipv4.conf.all.accept_redirects=0

# Disable accept_redirects by default for any interface
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0

# Disable accept_source_route by default
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0

# Enable send_redirects by default
net.ipv4.conf.all.send_redirects=1
Expand All @@ -74,6 +75,9 @@ net.core.rmem_max=2097152
# Enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1

# Increase route table limit
net.ipv6.route.max_size = 262144

# Do not forget IPv6 addresses when a link goes down
net.ipv6.conf.default.keep_addr_on_down=1
net.ipv6.conf.all.keep_addr_on_down=1
Expand Down

0 comments on commit 0b6e833

Please sign in to comment.