Re: all vs. default in /proc/sys/net/ipv4/conf [message #3144 is a reply to message #3143] |
Mon, 15 May 2006 05:18  |
John Kelly
John Kelly wrote on Sun, 14 May 2006 21:33 | When the venet interfaces come up, they will (presumably, not tested) inherit the default value of TRUE, which is undesirable.
|
That's true, I tested it.
However, now I see in /etc/sysconfig/network-scripts/ifup-venet where they use:
Quote: | sysctl -w net.ipv4.conf.$vznet.send_redirects=0
|
to explicitly disable redirects on venet0, no matter what the prior sysctl settings were.
Now that I see how all the pieces fit together, I suppose the quick install guide recommendation is a reasonable default, because after running the /etc/sysconfig/network-scripts/ifup-venet script, the end result is that you have redirects on all interfaces except venet0.
OTOH, if you want to use _only_ /etc/sysctl.conf to disable redirects on both venet0 and lo, and explicitly enable redirects on each hardware interface (eth0, eth1, ...), now we know how. And what's more, we know the difference between "all" vs. "default" in the sysctl settings. The securityfocus article was wrong, heh.
[Updated on: Mon, 15 May 2006 05:28]
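The all / default / per-interface relationship discussed in this post, as an added example that is not part of the post or of the OpenVZ scripts. It relies on the kernel's documented rule (ip-sysctl) that send_redirects is in effect on an interface when either conf/all or the interface's own entry is 1; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample tree is constructed.

# Kernel rule for send_redirects (Documentation/networking/ip-sysctl):
# redirects are sent on IFACE when conf/all OR conf/IFACE is 1.
effective_send_redirects() {   # usage: effective_send_redirects CONF_DIR IFACE
    all=$(cat "$1/all/send_redirects")
    own=$(cat "$1/$2/send_redirects")
    if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo 1; else echo 0; fi
}

# conf/default is only a template: a newly registered interface starts with
# a copy of its value. Interfaces that already exist are not touched.
simulate_new_iface() {         # usage: simulate_new_iface CONF_DIR IFACE
    mkdir -p "$1/$2"
    cat "$1/default/send_redirects" > "$1/$2/send_redirects"
}

# One line per real interface: name, its own flag, and the effective result.
audit_send_redirects() {       # usage: audit_send_redirects [CONF_DIR]
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for d in "$conf_dir"/*; do
        iface=${d##*/}
        case $iface in all|default) continue ;; esac
        [ -r "$d/send_redirects" ] || continue
        printf '%s own=%s effective=%s\n' "$iface" \
            "$(cat "$d/send_redirects")" \
            "$(effective_send_redirects "$conf_dir" "$iface")"
    done
}

# Constructed sample tree (not taken from a real host).
make_sample_tree() {           # usage: make_sample_tree DIR ALL DEFAULT
    for pair in "all=$2" "default=$3" lo=0 eth0=1; do
        mkdir -p "$1/${pair%%=*}"
        echo "${pair#*=}" > "$1/${pair%%=*}/send_redirects"
    done
}

tmp=$(mktemp -d)
make_sample_tree "$tmp" 0 1                 # all=0, default=1
simulate_new_iface "$tmp" venet0            # venet0 inherits default=1
audit_send_redirects "$tmp"
echo 0 > "$tmp/venet0/send_redirects"       # same effect as the sysctl -w in ifup-venet
audit_send_redirects "$tmp"
rm -rf "$tmp"
```

Called with no argument, `audit_send_redirects` reads the live /proc/sys/net/ipv4/conf tree. With all=1, a per-interface 0 such as the one written for venet0 does not stop redirects on that interface.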