Re: all vs. default in /proc/sys/net/ipv4/conf [message #3143 is a reply to message #3142]
Mon, 15 May 2006 01:33
John Kelly
Now ...
The OpenVZ quick install guide recommends:
Quote:
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Presumably, there is no need for venet interfaces to send redirects.
If that is true, then the recommended settings will not achieve the desired result. For the send_redirects sysctl, "all" is an OR switch, so "all" FALSE will _not_ prevent redirects on any interface which has value TRUE.
When the venet interfaces come up, they will (presumably, not tested) inherit the default value of TRUE, which is undesirable. To fix that, the default value should be FALSE. However, you may still want other interfaces, such as eth0, to send redirects, so they should be set to TRUE.
I'm not sure why you would want to send redirects on lo.
Maybe I will change my mind later, but here are the settings that seem right, atm.
Quote:
# Controls redirects, no need for venet interfaces to send them
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.lo.send_redirects = 0
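
An added example, not part of the original post and not OpenVZ code: a small Python audit that applies the OR rule described above to the two sysctl fragments quoted in the post and reports which interfaces would end up sending redirects. The function names, the interface name venet0, and the rule that an unlisted interface inherits "default" (the post marks this as untested) are assumptions of the example.

```python
import re

# Constructed inputs: the two sysctl.conf fragments quoted in the post.
GUIDE = """\
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
"""
PROPOSED = """\
# Controls redirects, no need for venet interfaces to send them
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.lo.send_redirects = 0
"""

KEY = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.send_redirects\s*=\s*([01])$")

def parse(text):
    """Return {scope: bool} for each send_redirects line; later lines win."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":   # sysctl.conf comment markers
            continue
        m = KEY.match(line)
        if m:
            conf[m.group(1)] = m.group(2) == "1"
    return conf

def effective(text, interfaces, kernel_default=True):
    """Map interface -> True if it would send ICMP redirects.

    kernel_default=True is the kernel's documented default for send_redirects.
    Assumption: an interface with no explicit line is created after these
    settings apply and copies the "default" value (e.g. a venet interface).
    """
    conf = parse(text)
    all_on = conf.get("all", kernel_default)
    default = conf.get("default", kernel_default)
    # send_redirects is OR-ed: enabled if "all" OR the interface value is set.
    return {i: all_on or conf.get(i, default) for i in interfaces}

if __name__ == "__main__":
    for name, text in (("guide", GUIDE), ("proposed", PROPOSED)):
        print(name, effective(text, ["eth0", "lo", "venet0"]))
```
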