On Wed, 31 Mar 2004 15:51:34 -0500, shane c branch wrote:
> Roger wrote:
>
> > Around Wed, Mar 31, 2004 at 03:31:51PM -0500, shane c branch, wrote:
> >> What is the best way to configure this file? I see documentation that
> >> suggests
> >> #sysctl -w <setting>
> >>
> >> and also some suggestions to edit the file manually. However, when I
> >> look at the file, there's not much in there. Just two or three settings,
> >> rather than many settings, with the disabled ones commented out.
> >>
> >> Also, once I get it configured, how do I make it take effect without a
> >> reboot?
> >> --
> > Here's some additional settings:
> > net.ipv4.tcp_max_syn_backlog = 4096
> > net.ipv4.conf.all.rp_filter = 1
> > net.ipv4.conf.all.accept_source_route = 0
> > net.ipv4.conf.all.accept_redirects = 0
> > net.ipv4.conf.all.secure_redirects = 0
> > net.ipv4.conf.default.rp_filter = 1
> > net.ipv4.conf.default.accept_source_route = 0
> > net.ipv4.conf.default.accept_redirects = 0
> > net.ipv4.conf.default.secure_redirects = 0
> >
> > These are taken from suggestions for ways to secure Redhat 9.
> > Once you have what you want to add in sysctl.conf, then just
> > sysctl -p
> > should load the changes.
> > or
> > sysctl -p some-other-file
> > if you haven't used the default /etc/sysctl.conf
> >
> >
> > You should be able to then do a
> > cat /proc/sys/net/ipv4/conf/default/secure_redirects
> > to verify the setting of the last one in my list.
> > Come to think of it, you may want to see what the setting is before you
> > run sysctl -p (with whichever settings you want to add that is)
> >
> > roger
> >
> >
> Thanks, that does help. I got the settings added and applied.

The manual page doesn't suggest that -w <setting> can be used to edit
the sysctl.conf file. -w is for writing values to the underlying /proc
system manually, e.g.

# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
# sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0
# sysctl -w foo
error: 'foo' must be of the form name=value

It does not save anything to the file.

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
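
The check suggested in the thread (read the live value under /proc/sys before and after `sysctl -p`), generalized to every key in a sysctl.conf-style file. This is an added example, not part of the original messages; the names `audit_sysctl`, `key_to_path`, `norm` and the `PROC_ROOT` override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare a sysctl.conf-style file against the live values.
# PROC_ROOT (hypothetical override) defaults to /proc/sys; it lets the check
# run against a copied or test tree instead of the running kernel.

# key_to_path KEY: map net.ipv4.ip_forward -> $PROC_ROOT/net/ipv4/ip_forward.
# Plain dot-to-slash mapping, sufficient for the keys listed in the thread.
key_to_path() {
    printf '%s/%s\n' "${PROC_ROOT:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# norm: collapse tabs/newlines/repeated spaces so multi-value entries compare.
norm() { tr '\t\n' '  ' | tr -s ' ' | sed 's/^ //; s/ $//'; }

# audit_sysctl FILE: print OK / DIFF / MISSING per key.
# Returns 0 only when every key in FILE matches the live value.
audit_sysctl() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case "$line" in ''|'#'*|';'*) continue ;; esac   # blank or comment
        case "$line" in *=*) ;; *) continue ;; esac      # not name=value
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | norm)
        path=$(key_to_path "$key")
        if [ ! -r "$path" ]; then
            printf 'MISSING %s\n' "$key"; rc=1; continue
        fi
        have=$(norm < "$path")
        if [ "$have" = "$want" ]; then
            printf 'OK %s = %s\n' "$key" "$have"
        else
            printf 'DIFF %s: live=%s file=%s\n' "$key" "$have" "$want"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# When run with a file argument, audit it (e.g. sh audit.sh /etc/sysctl.conf).
if [ "$#" -gt 0 ]; then audit_sysctl "$1"; fi
```

Run it before `sysctl -p` to record what will change, and again afterwards to confirm nothing is left as DIFF.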