X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsysctl.d.xml;fp=man%2Fsysctl.d.xml;h=78c4e80b8ca089723c701dc299855b9ee44a3d54;hb=7284335adbb8cb2bc9c11f9e102906da1bf71145;hp=db53b495998b27671662d0c31619305a6fd93670;hpb=0b73eab7a2185ae0377650e3fdb8208347a8a575;p=elogind.git
diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
index db53b4959..78c4e80b8 100644
--- a/man/sysctl.d.xml
+++ b/man/sysctl.d.xml
@@ -71,24 +71,6 @@
is # or ; are
ignored.
- Note that either / or
- . may be used as separators within
- sysctl variable names. If the first separator is a
- slash, remaining slashes and dots are left intact. If
- the first separator is a dot, dots and slashes are
- interchanged. kernel.domainname=foo
- and kernel/domainname=foo are
- equivalent and will cause foo to
- be written to
- /proc/sys/kernel/domainname.
- Either
- net.ipv4.conf.enp3s0/200.forwarding
- or
- net/ipv4/conf/enp3s0.200/forwarding
- may be used to refer to
- /proc/sys/net/ipv4/conf/enp3s0.200/forwarding.
-
-
Each configuration file shall be named in the
style of program.conf.
Files in /etc/ override files
@@ -110,6 +92,24 @@
number and a dash, to simplify the ordering of the
files.
+ Note that either / or
+ . may be used as separators within
+ sysctl variable names. If the first separator is a
+ slash, remaining slashes and dots are left intact. If
+ the first separator is a dot, dots and slashes are
+ interchanged. kernel.domainname=foo
+ and kernel/domainname=foo are
+ equivalent and will cause foo to
+ be written to
+ /proc/sys/kernel/domainname.
+ Either
+ net.ipv4.conf.enp3s0/200.forwarding
+ or
+ net/ipv4/conf/enp3s0.200/forwarding
+ may be used to refer to
+ /proc/sys/net/ipv4/conf/enp3s0.200/forwarding.
+
+
If the administrator wants to disable a
configuration file supplied by the vendor, the
recommended way is to place a symlink to
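Review bot: The relocated separator note now sits between the file-ordering paragraph ("number and a dash, to simplify the ordering of the files") and the paragraph on disabling a vendor-supplied file, so a point about key syntax interrupts the discussion of file naming and precedence. Consider placing it after the vendor-symlink paragraph so the file-level material stays together.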
@@ -125,16 +125,48 @@
specifically,
net.ipv4.conf.*,
net.ipv6.conf.*,
- net.ipv4.neigh.* and net.ipv6.neigh.*)
+ net.ipv4.neigh.* and net.ipv6.neigh.*).
+
+ Many sysctl parameters only become available
+ when certain kernel modules are loaded. Modules are
+ usually loaded on demand, e.g. when certain hardware
+ is plugged in or network brought up. This means that
+ systemd-sysctl.service8 which runs
+ during early boot will not configure such parameters
+ if they become available after it has run. To
+ set such parameters, it is recommended to add
+ an udev7 rule to set those parameters when they become
+ available. Alternatively, a slightly simpler and
+ less efficient option is to add the module to
+ modules-load.d5, causing it to be loaded statically
+ before sysctl settings are applied (see
+ example below).
- Example
+ Examples
+
+ Set kernel YP domain name
+ /etc/sysctl.d/domain-name.conf:
+
+
+ kernel.domainname=example.com
+
+
- /etc/sysctl.d/domain-name.conf example:
+ Disable packet filter on the bridge
+ /etc/modules-load.d/bridge.conf:
+
+
+ bridge
+
+ /etc/sysctl.d/bridge.conf:
+
- # Set kernel YP domain name
-kernel.domainname=example.com
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
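Review bot: The added paragraph recommends a udev rule as the preferred way to set module-dependent parameters, but the only example supplied is for the modules-load.d alternative, and "see example below" is ambiguous now that the section is renamed to "Examples" and holds two of them. Name the bridge example in the cross-reference and consider adding a udev rule example next to it; "an udev" should also read "a udev". The bridge example would be clearer with one sentence stating that with these three values set to 0, bridged traffic is no longer passed to the iptables, ip6tables and arptables rules, so the reader knows what filtering is being given up. The spacing around "=" in the bridge settings also differs from "kernel.domainname=example.com" above; pick one form for both examples.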
@@ -146,6 +178,7 @@ kernel.domainname=example.com
systemd-delta1,
sysctl8,
sysctl.conf5
+ modprobe8
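Review bot: The new modprobe8 entry is appended after sysctl.conf5, which carries no trailing comma, while the preceding entries ("systemd-delta1," and "sysctl8,") are comma-separated, so the last two references will run together in the rendered list. Add the comma after the sysctl.conf entry as part of this hunk. The text added earlier in the patch refers to udev7 and modules-load.d5 rather than modprobe; if those are not already listed above the visible context, they are the more direct cross-references to add here.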