X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsysctl.d.xml;h=7b51b68cc665c71137b143300c4068cac16f9060;hb=a44b10818a531787c359f6446d218a975503f032;hp=ce5c34f9a209b2c3fee013d3a067dce2b4100cfc;hpb=0b429ab7fca2aa139ffbeeac8bdcfbbd21cc1a60;p=elogind.git
diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
index ce5c34f9a..7b51b68cc 100644
--- a/man/sysctl.d.xml
+++ b/man/sysctl.d.xml
@@ -68,13 +68,8 @@
The configuration files contain a list of
variable assignments, separated by newlines. Empty
lines and lines whose first non-whitespace character
- is # or ; are ignored.
-
- Note that both / and . are accepted as label
- separators within sysctl variable
- names. kernel.domainname=foo and
- kernel/domainname=foo hence are
- entirely equivalent.
+ is # or ; are
+ ignored.
Each configuration file shall be named in the
style of program.conf.
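Review bot: the rewrap of "is # or ; are ignored." onto two lines (the last two "+" lines of this hunk) is whitespace-only churn; leave that line as it was so the hunk shows only the removal of the separator paragraph. Removing that paragraph here is fine on its own, since the same "/" versus "." note is reintroduced, with more detail, in the following hunk, but the two hunks should land in the same commit so the man page never loses the note in between.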
@@ -89,11 +84,31 @@
administrator, who may use this logic to override the
configuration files installed by vendor packages. All
configuration files are sorted by their filename in
- alphabetical order, regardless in which of the
- directories they reside, to guarantee that a specific
- configuration file takes precedence over another file
- with an alphabetically earlier name, if both files
- contain the same variable setting.
+ lexicographic order, regardless of which of the
+ directories they reside in. If multiple files specify the
+ same variable name, the entry in the file with the
+ lexicographically latest name will be applied. It is
+ recommended to prefix all filenames with a two-digit
+ number and a dash, to simplify the ordering of the
+ files.
+
+ Note that either / or
+ . may be used as separators within
+ sysctl variable names. If the first separator is a
+ slash, remaining slashes and dots are left intact. If
+ the first separator is a dot, dots and slashes are
+ interchanged. kernel.domainname=foo
+ and kernel/domainname=foo are
+ equivalent and will cause foo to
+ be written to
+ /proc/sys/kernel/domainname.
+ Either
+ net.ipv4.conf.enp3s0/200.forwarding
+ or
+ net/ipv4/conf/enp3s0.200/forwarding
+ may be used to refer to
+ /proc/sys/net/ipv4/conf/enp3s0.200/forwarding.
+
If the administrator wants to disable a
configuration file supplied by the vendor, the
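Review bot: the new separator rule ("If the first separator is a dot, dots and slashes are interchanged") has a consequence the text should state explicitly: a key whose last path component itself contains a dot, such as the enp3s0.200 interface in the example, cannot be written in all-dot form, because net.ipv4.conf.enp3s0.200.forwarding would be turned into /proc/sys/net/ipv4/conf/enp3s0/200/forwarding, which is not the intended file. Add a sentence saying that in such cases the dot in the name must be written as a slash (as the example net.ipv4.conf.enp3s0/200.forwarding does) or the whole key written in slash form. The ordering paragraph also says which file wins when two files set the same variable, but not what happens when one file sets the same variable twice; documenting that here would make the precedence rules complete.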
@@ -101,15 +116,74 @@
/dev/null in
/etc/sysctl.d/ bearing the
same filename.
+
+ The settings configured with
+ sysctl.d files will be applied
+ early on boot. The network interface-specific options
+ will also be applied individually for each network
+ interface as it shows up in the system. (More
+ specifically,
+ net.ipv4.conf.*,
+ net.ipv6.conf.*,
+ net.ipv4.neigh.* and net.ipv6.neigh.*).
+
+ Many sysctl parameters only become available
+ when certain kernel modules are loaded. Modules are
+ usually loaded on demand, e.g. when certain hardware
+ is plugged in or network brought up. This means that
+ systemd-sysctl.service8 which runs
+ during early boot will not configure such parameters
+ if they become available after it has run. To
+ set such parameters, it is recommended to add
+ an udev7 rule to set those parameters when they become
+ available. Alternatively, a slightly simpler and
+ less efficient option is to add the module to
+ modules-load.d5, causing it to be loaded statically
+ before sysctl settings are applied (see
+ example below).
- Example
+ Examples
+
+ Set kernel YP domain name
+ /etc/sysctl.d/domain-name.conf:
+
+
+ kernel.domainname=example.com
+
+
- /etc/sysctl.d/domain-name.conf example:
+ Disable packet filter on bridged packets (method one)
+ /etc/udev/rules.d/99-bridge.rules:
+
+
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"
+
+
+ /etc/sysctl.d/bridge.conf:
+
+
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
+
+
+
+ Disable packet filter on bridged packets (method two)
+ /etc/modules-load.d/bridge.conf:
+
+
+ bridge
+
+ /etc/sysctl.d/bridge.conf:
+
- # Set kernel YP domain name
-kernel.domainname=example.com
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
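Review bot: "an udev7 rule" should read "a udev rule", and "network brought up" should read "the network is brought up". The example file names domain-name.conf and bridge.conf do not follow the "two-digit number and a dash" prefix recommended in the previous hunk; naming them along the lines of 50-domain-name.conf and 50-bridge.conf would keep the examples consistent with the advice. The --prefix=/net/bridge argument in the udev rule correctly uses the slash form described above, which is good. Both bridge examples turn off the netfilter hooks for bridged traffic, as the headings say; since readers tend to copy examples verbatim, a sentence noting that bridged packets will then no longer traverse the iptables, ip6tables and arptables chains, and that the values are illustrative, would help.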
@@ -120,7 +194,8 @@ kernel.domainname=example.com
systemd-sysctl.service8,
systemd-delta1,
sysctl8,
- sysctl.conf5
+ sysctl.conf5,
+ modprobe8
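Review bot: the new examples depend on udev rules and modules-load.d, so udev(7) and modules-load.d(5) belong in this See Also list next to the added modprobe(8), unless they are already present in the part of the list outside this hunk.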