Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
inbox:firewall:firewall_components [2018/09/16 12:09] – ↷ Links adapted because of a move operation bobafetthotmaildocs:guide-user:firewall:firewall_components [2020/07/15 17:42] – [Kernel Tuning via sysctl] updated vgaetera
Line 11: Line 11:
 components to the OpenWrt firewall: components to the OpenWrt firewall:
  
-  - the [[inbox:firewall:overview|firewall3]] application+  - the [[docs:guide-user:firewall:overview|firewall3]] application
   - a set of netfilter hooks in the kernel networking stacks   - a set of netfilter hooks in the kernel networking stacks
   - a set of linux kernel modules that handle the inspection of network packets   - a set of linux kernel modules that handle the inspection of network packets
   - a set of kernel tuning parameters to configure the network stacks and firewall modules   - a set of kernel tuning parameters to configure the network stacks and firewall modules
  
-This documentation is based on +This documentation is based on [[releases:18.06:notes-18.06.0|OpenWrt 18.06.0]].
-[[https://openwrt.org/releases/18.06/notes-18.06.0|OpenWrt 18.06.0]].+
 Many of the configurations have been tested against this release using the Many of the configurations have been tested against this release using the
-[[inbox:firewall:fw3_configurations:fw3_ref_topo|test network]]+[[docs:guide-user:firewall:fw3_configurations:fw3_ref_topo|test network]]
  
 ===== Firewall3 (fw3) ===== ===== Firewall3 (fw3) =====
-The [[inbox:firewall:overview|fw3 application]] package is the main+The [[docs:guide-user:firewall:overview|fw3 application]] package is the main
 application used to provision the firewall.  It was developed by the OpenWrt application used to provision the firewall.  It was developed by the OpenWrt
 team specifically for the project. team specifically for the project.
Line 63: Line 62:
  
 ===== Kernel Tuning via sysctl ===== ===== Kernel Tuning via sysctl =====
-''/etc/init.d/sysctl'' is executed at boot time.  This is a shell script that +''/etc/init.d/sysctl'' is executed at boot time. 
-loads ''/etc/sysctl.conf'' and all files under ''/etc/sysctl.d/'' These +This is a shell script that loads ''/etc/sysctl.conf'' and all files under ''/etc/sysctl.d/''. 
-set/tune kernel parameters to provide OpenWrt features.  See +These set/tune kernel parameters to provide OpenWrt features. 
-[[http://man7.org/linux/man-pages/man5/sysctl.conf.5.html|sysctl.conf]]+See [[man>sysctl.conf]].
  
-All are parameters documented under the ''Documentation/networking'' directory +All are parameters documented under the ''Documentation/networking'' directory of kernel source tree so the specifics will not be repeated here. 
-of kernel source tree so the specifics will not be repeated here.  See +See ''ip-sysctl.txt'' and ''nf_conntrack-sysctl.txt'' for reference.
-''ip-sysctl.txt'' and ''nf_conntrack-sysctl.txt'' for reference.+
  
-:!: Since the OpenWrt feature set is fairly static, the kernel parameters almost +:!: Since the OpenWrt feature set is fairly static, the kernel parameters almost certainly do not need to tuned beyond the defaults provided in the build.
-certainly do not need to tuned beyond the defaults provided in the build.+
  
-:!: Notice that netfilter bridging support in the kernel is disabled!  See +:!: Notice that netfilter bridging support in the kernel is disabled! 
-''ip-sysctl.txt'':+See ''ip-sysctl.txt'':
  
-<file>+<code>
 bridge-nf-call-iptables - BOOLEAN bridge-nf-call-iptables - BOOLEAN
  1 : pass bridged IPv4 traffic to iptables' chains.  1 : pass bridged IPv4 traffic to iptables' chains.
  0 : disable this.  0 : disable this.
  Default: 1  Default: 1
-</file> +</code>
- +
-FIXME : the **sysctl** directives in ''/etc/init.d/sysctl'' are a superset of +
-those in the ''/etc/sysctl.d'' files.  The files in ''/etc/sysctl.d'' are +
-entirely redundant.  This may be a product of the build process. +
- +
  
  • Last modified: 2023/10/14 06:03
  • by vgaetera