<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  This file is part of systemd.

  Copyright 2011 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="sysctl.d"
    xmlns:xi="http://www.w3.org/2001/XInclude">
<title>sysctl.d</title>
<productname>systemd</productname>
<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>
<refentrytitle>sysctl.d</refentrytitle>
<manvolnum>5</manvolnum>
<refname>sysctl.d</refname>
<refpurpose>Configure kernel parameters at boot</refpurpose>
<para><filename>/etc/sysctl.d/*.conf</filename></para>
<para><filename>/run/sysctl.d/*.conf</filename></para>
<para><filename>/usr/lib/sysctl.d/*.conf</filename></para>
<title>Description</title>
<para><citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
reads configuration files from the above directories
to configure
<citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
kernel parameters.</para>
<title>Configuration Format</title>
<para>The configuration files contain a list of
variable assignments, separated by newlines. Empty
lines and lines whose first non-whitespace character
is <literal>#</literal> or <literal>;</literal> are
ignored.</para>
<para>Note that either <literal>/</literal> or
<literal>.</literal> may be used as separators within
sysctl variable names. If the first separator is a
slash, remaining slashes and dots are left intact. If
the first separator is a dot, dots and slashes are
interchanged. <literal>kernel.domainname=foo</literal>
and <literal>kernel/domainname=foo</literal> are
equivalent and will cause <literal>foo</literal> to
be written to
<filename>/proc/sys/kernel/domainname</filename>.
Either
<literal>net.ipv4.conf.enp3s0/200.forwarding</literal>
or
<literal>net/ipv4/conf/enp3s0.200/forwarding</literal>
may be used to refer to
<filename>/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</filename>.
</para>
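<para>The comment handling and the separator rule described above, as an
added C example (not code from systemd or from this page): the hypothetical
helper sysctl_line_to_path() maps one configuration line to the file below
/proc/sys that it targets, which is useful when auditing which kernel
parameter a drop-in file really changes. The rejection of ".." and the
sample lines are additions made for this example.</para>

<programlisting><![CDATA[
```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not systemd's code): map one sysctl.d line to its
 * /proc/sys path. Returns 1 for an assignment, 0 for an empty or comment
 * line, -1 for a malformed line or a buffer that is too small. */
int sysctl_line_to_path(const char *line, char *path, size_t psz)
{
    static const char prefix[] = "/proc/sys/";
    const size_t plen = sizeof(prefix) - 1;

    while (isspace((unsigned char)*line)) line++;
    if (*line == '\0' || *line == '#' || *line == ';') return 0;

    const char *eq = strchr(line, '=');
    if (!eq) return -1;
    const char *kend = eq;                  /* trim blanks before '=' */
    while (kend > line && isspace((unsigned char)kend[-1])) kend--;
    size_t klen = (size_t)(kend - line);
    if (klen == 0 || plen + klen + 1 > psz) return -1;

    memcpy(path, prefix, plen);
    char *key = path + plen;
    memcpy(key, line, klen);
    key[klen] = '\0';

    /* The first separator decides: '/' leaves the key intact, '.' swaps. */
    const char *first = strpbrk(key, "./");
    if (first && *first == '.')
        for (char *p = key; *p; p++)
            *p = (*p == '.') ? '/' : (*p == '/') ? '.' : *p;

    /* Added check: refuse ".." so the result stays below /proc/sys. */
    return strstr(key, "..") ? -1 : 1;
}

int main(void)
{
    /* Constructed sample lines, using the names from the text above. */
    const char *lines[] = { "; comment", "kernel.domainname=foo",
        "net.ipv4.conf.enp3s0/200.forwarding = 1",
        "net/ipv4/conf/enp3s0.200/forwarding = 1" };
    char path[256];
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++)
        if (sysctl_line_to_path(lines[i], path, sizeof path) == 1)
            printf("%s\n", path);
    return 0;
}
```
]]></programlisting>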
<para>The settings configured with
<filename>sysctl.d</filename> files will be applied
early on boot. The network interface-specific options
will also be applied individually for each network
interface as it shows up in the system. (More
specifically,
<filename>net.ipv4.conf.*</filename>,
<filename>net.ipv6.conf.*</filename>,
<filename>net.ipv4.neigh.*</filename> and <filename>net.ipv6.neigh.*</filename>).</para>
<para>Many sysctl parameters only become available
when certain kernel modules are loaded. Modules are
usually loaded on demand, e.g. when certain hardware
is plugged in or a network is brought up. This means that
<citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, which runs
during early boot, will not configure such parameters
if they become available after it has run. To
set such parameters, it is recommended to add
a <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> rule to set those parameters when they become
available. Alternatively, a slightly simpler and
less efficient option is to add the module to
<citerefentry><refentrytitle>modules-load.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, causing it to be loaded statically
before sysctl settings are applied (see
example below).</para>
<xi:include href="standard-conf.xml" xpointer="confd" />
<title>Examples</title>
<title>Set kernel YP domain name</title>
<para><filename>/etc/sysctl.d/domain-name.conf</filename>:
</para>
<programlisting>kernel.domainname=example.com</programlisting>
<title>Disable packet filter on bridged packets (method one)</title>
<para><filename>/etc/udev/rules.d/99-bridge.rules</filename>:
</para>
<programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"
</programlisting>
<para><filename>/etc/sysctl.d/bridge.conf</filename>:
</para>
<programlisting>net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</programlisting>
<title>Disable packet filter on bridged packets (method two)</title>
<para><filename>/etc/modules-load.d/bridge.conf</filename>:
</para>
<programlisting>bridge</programlisting>
<para><filename>/etc/sysctl.d/bridge.conf</filename>:
</para>
<programlisting>net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</programlisting>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-sysctl.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sysctl.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>