X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsysctl.d.xml;h=dd73f922363081ab76f68570d1557782e4a5d113;hb=1b6d7fa742e303611dff8d7ebfa86ee5fb8b7dc7;hp=aec584a14e1ed67d2208254c5dbd16894c29f7ee;hpb=0e25e94ea72ca3db70484014280ddb709840f952;p=elogind.git
diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
index aec584a14..dd73f9223 100644
--- a/man/sysctl.d.xml
+++ b/man/sysctl.d.xml
@@ -55,7 +55,7 @@
Description
At boot,
- systemd-binfmt.service8
+ systemd-sysctl.service8
reads configuration files from the above directories
to configure
sysctl8
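Review bot: The correction from systemd-binfmt.service(8) to systemd-sysctl.service(8) is right, since this is the sysctl.d page and the binfmt reference was a copy-and-paste error; the unit actually responsible for applying sysctl.d files is systemd-sysctl.service. Worth grepping the rest of the file for any other stray "binfmt" reference, since only the Description paragraph is touched in this hunk.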
@@ -68,16 +68,11 @@
The configuration files contain a list of
variable assignments, separated by newlines. Empty
lines and lines whose first non-whitespace character
- is # or ; are ignored.
-
- Note that both / and . are accepted as label
- separators within sysctl variable
- names. kernel.domainname=foo and
- kernel/domainname=foo hence are
- entirely equivalent.
+ is # or ; are
+ ignored.
Each configuration file shall be named in the
- style of <program>.conf.
+ style of program.conf.
Files in /etc/ override files
with the same name in /usr/lib/
and /run/. Files in
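Review bot: Dropping the angle brackets from "<program>.conf" to "program.conf" loses the placeholder meaning; in the rendered page "program.conf" now reads like a literal filename rather than a pattern, so the word should be marked as a replaceable element (or the brackets kept) so readers know to substitute their own program name. The separator note (both "/" and "." accepted as label separators) is removed here; that is fine only because a reworded version is reintroduced later in the same patch, so make sure both hunks are merged together rather than cherry-picked separately. The re-wrapping of "is # or ; are / ignored." is purely cosmetic.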
@@ -89,27 +84,106 @@
administrator, who may use this logic to override the
configuration files installed by vendor packages. All
configuration files are sorted by their filename in
- alphabetical order, regardless in which of the
- directories they reside, to guarantee that a specific
- configuration file takes precedence over another file
- with an alphabetically earlier name, if both files
- contain the same variable setting.
+ lexicographic order, regardless of which of the
+ directories they reside in. If multiple files specify the
+ same variable name, the entry in the file with the
+ lexicographically latest name will be applied. It is
+ recommended to prefix all filenames with a two-digit
+ number and a dash, to simplify the ordering of the
+ files.
+
+ Note that either / or
+ . may be used as separators within
+ sysctl variable names. If the first separator is a
+ slash, remaining slashes and dots are left intact. If
+ the first separator is a dot, dots and slashes are
+ interchanged. kernel.domainname=foo
+ and kernel/domainname=foo are
+ equivalent and will cause foo to
+ be written to
+ /proc/sys/kernel/domainname.
+ Either
+ net.ipv4.conf.enp3s0/200.forwarding
+ or
+ net/ipv4/conf/enp3s0.200/forwarding
+ may be used to refer to
+ /proc/sys/net/ipv4/conf/enp3s0.200/forwarding.
+
If the administrator wants to disable a
- configuration file supplied by the vendor the
+ configuration file supplied by the vendor, the
recommended way is to place a symlink to
/dev/null in
/etc/sysctl.d/ bearing the
- same file name.
+ same filename.
+
+ The settings configured with
+ sysctl.d files will be applied
+ early on boot. The network interface-specific options
+ will also be applied individually for each network
+ interface as it shows up in the system. (More
+ specifically,
+ net.ipv4.conf.*,
+ net.ipv6.conf.*,
+ net.ipv4.neigh.* and net.ipv6.neigh.*).
+
+ Many sysctl parameters only become available
+ when certain kernel modules are loaded. Modules are
+ usually loaded on demand, e.g. when certain hardware
+ is plugged in or network brought up. This means that
+ systemd-sysctl.service8 which runs
+ during early boot will not configure such parameters
+ if they become available after it has run. To
+ set such parameters, it is recommended to add
+ an udev7 rule to set those parameters when they become
+ available. Alternatively, a slightly simpler and
+ less efficient option is to add the module to
+ modules-load.d5, causing it to be loaded statically
+ before sysctl settings are applied (see
+ example below).
- Example
+ Examples
+
+ Set kernel YP domain name
+ /etc/sysctl.d/domain-name.conf:
+
+
+ kernel.domainname=example.com
+
+
+
+ Disable packet filter on bridged packets (method one)
+ /etc/udev/rules.d/99-bridge.conf:
+
+
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
+
+
+ /etc/sysctl.d/bridge.conf:
+
+
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
+
+
- /etc/sysctl.d/domain-name.conf example:
+ Disable packet filter on bridged packets (method two)
+ /etc/modules-load.d/bridge.conf:
+
+
+ bridge
+
+ /etc/sysctl.d/bridge.conf:
+
- # Set kernel YP domain name
-kernel.domainname=example.com
+ net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+
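Review bot: The udev rule in the "method one" example is written to /etc/udev/rules.d/99-bridge.conf, but udev only processes files in rules.d whose names end in ".rules", so as written the rule would never fire and the net.bridge.* settings would silently remain unset after the module loads; the file should be /etc/udev/rules.d/99-bridge.rules. Two smaller points in the new prose: "an udev rule" should be "a udev rule", and the parenthetical "(More specifically, net.ipv4.conf.*, ..., net.ipv6.neigh.*)." puts the full stop outside the closing parenthesis of what is a complete sentence; either move the period inside or fold the list into the preceding sentence.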
@@ -121,6 +195,7 @@ kernel.domainname=example.com
systemd-delta1,
sysctl8,
sysctl.conf5
+ modprobe8
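Review bot: The new modprobe8 entry is appended after sysctl.conf5 without a separator; the earlier entries are comma-separated and sysctl.conf5 was previously the last item, so it carries no trailing comma, and the rendered See Also list will read "sysctl.conf(5) modprobe(8)". Add a comma after the sysctl.conf5 citerefentry (which means the hunk also needs to touch that context line) so the list stays consistently punctuated.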