X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsysctl.d.xml;h=ed9e997f8ae777f142f9050f83a3f577bf8a282c;hb=c305edb643130cbb2a9cc1414c216e21d227f32f;hp=00a857b11a3cd4ca30140db9f61cff8a4d943a2a;hpb=8f03fd08911016d8bbcad5892b2c07b30a4c2306;p=elogind.git
diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
index 00a857b11..ed9e997f8 100644
--- a/man/sysctl.d.xml
+++ b/man/sysctl.d.xml
@@ -68,13 +68,8 @@
The configuration files contain a list of
variable assignments, separated by newlines. Empty
lines and lines whose first non-whitespace character
- is # or ; are ignored.
-
- Note that both / and . are accepted as label
- separators within sysctl variable
- names. kernel.domainname=foo and
- kernel/domainname=foo hence are
- entirely equivalent.
+ is # or ; are
+ ignored.
Each configuration file shall be named in the
style of program.conf.
@@ -97,6 +92,24 @@
number and a dash, to simplify the ordering of the
files.
+ Note that either / or
+ . may be used as separators within
+ sysctl variable names. If the first separator is a
+ slash, remaining slashes and dots are left intact. If
+ the first separator is a dot, dots and slashes are
+ interchanged. kernel.domainname=foo
+ and kernel/domainname=foo are
+ equivalent and will cause foo to
+ be written to
+ /proc/sys/kernel/domainname.
+ Either
+ net.ipv4.conf.enp3s0/200.forwarding
+ or
+ net/ipv4/conf/enp3s0.200/forwarding
+ may be used to refer to
+ /proc/sys/net/ipv4/conf/enp3s0.200/forwarding.
+
+
If the administrator wants to disable a
configuration file supplied by the vendor, the
recommended way is to place a symlink to
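Review bot: The separator rule is worded ambiguously at "If the first separator is a slash, remaining slashes and dots are left intact": "remaining" suggests the first slash is handled differently, while the example net/ipv4/conf/enp3s0.200/forwarding shows the whole name being used as a path unchanged. Suggest "all slashes and dots are left intact", and state explicitly that in the dot form a slash stands for a literal dot inside a path component (enp3s0/200 for enp3s0.200), since VLAN-style interface names are the case readers will get wrong. The two empty added lines that close the paragraph can be dropped.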
@@ -109,19 +122,68 @@
early on boot. The network interface-specific options
will also be applied individually for each network
interface as it shows up in the system. (More
- specifically, that is
+ specifically,
net.ipv4.conf.*,
net.ipv6.conf.*,
- net.ipv4.neigh.* and net.ipv6.neigh.*)
+ net.ipv4.neigh.* and net.ipv6.neigh.*).
+
+ Many sysctl parameters only become available
+ when certain kernel modules are loaded. Modules are
+ usually loaded on demand, e.g. when certain hardware
+ is plugged in or network brought up. This means that
+ systemd-sysctl.service8 which runs
+ during early boot will not configure such parameters
+ if they become available after it has run. To
+ set such parameters, it is recommended to add
+ an udev7 rule to set those parameters when they become
+ available. Alternatively, a slightly simpler and
+ less efficient option is to add the module to
+ modules-load.d5, causing it to be loaded statically
+ before sysctl settings are applied (see
+ example below).
- Example
+ Examples
+
+ Set kernel YP domain name
+ /etc/sysctl.d/domain-name.conf:
+
+
+ kernel.domainname=example.com
+
+
- /etc/sysctl.d/domain-name.conf example:
+ Disable packet filter on the bridge (method one)
+ /etc/udev/rules.d/99-bridge.conf:
+
+
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
+
+
+ /etc/sysctl.d/bridge.conf:
+
+
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
+
+
+
+ Disable packet filter on the bridge (method two)
+ /etc/modules-load.d/bridge.conf:
+
+
+ bridge
+
+ /etc/sysctl.d/bridge.conf:
+
- # Set kernel YP domain name
-kernel.domainname=example.com
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
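Review bot: The udev example under "method one" names the file /etc/udev/rules.d/99-bridge.conf, but udev only reads files ending in .rules from that directory, so the rule as documented would never fire and the bridge sysctls would stay at their defaults; rename it to 99-bridge.rules. In the new paragraph, "an udev7 rule" should read "a udev rule". Both bridge examples set the bridge-nf-call-* keys to 0 under the title "Disable packet filter on the bridge"; a sentence saying that bridged traffic then no longer passes through iptables, ip6tables and arptables would tell readers what filtering they give up before they copy the file.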
@@ -133,6 +195,7 @@ kernel.domainname=example.com
systemd-delta1,
sysctl8,
sysctl.conf5
+ modprobe8
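Review bot: The added modprobe8 entry follows the sysctl.conf5 context line, which carries no trailing comma (unlike "sysctl8," above it), so the two references will run together in the rendered See Also list; the patch should also add the comma to the sysctl.conf5 line. The new paragraphs cite udev7 and modules-load.d5, neither of which is added here, while modprobe8 is not mentioned in any added text; consider listing the pages the text actually refers to.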