Differences

This shows you the differences between two versions of the page.

docs:guide-user:firewall:firewall_components [2019/07/14 16:19] – Link changed from external to internal (internal ones are automatically adjusted when pages are moved, external ones are not) tmomas
docs:guide-user:firewall:firewall_components [2020/07/15 17:42] – [Kernel Tuning via sysctl] updated vgaetera
Line 62: Line 62:
  
 ===== Kernel Tuning via sysctl ===== ===== Kernel Tuning via sysctl =====
-''/etc/init.d/sysctl'' is executed at boot time.  This is a shell script that +''/etc/init.d/sysctl'' is executed at boot time. 
-loads ''/etc/sysctl.conf'' and all files under ''/etc/sysctl.d/'' These +This is a shell script that loads ''/etc/sysctl.conf'' and all files under ''/etc/sysctl.d/''. 
-set/tune kernel parameters to provide OpenWrt features.  See +These set/tune kernel parameters to provide OpenWrt features. 
-[[http://man7.org/linux/man-pages/man5/sysctl.conf.5.html|sysctl.conf]]+See [[man>sysctl.conf]].
  
-All are parameters documented under the ''Documentation/networking'' directory +All are parameters documented under the ''Documentation/networking'' directory of kernel source tree so the specifics will not be repeated here. 
-of kernel source tree so the specifics will not be repeated here.  See +See ''ip-sysctl.txt'' and ''nf_conntrack-sysctl.txt'' for reference.
-''ip-sysctl.txt'' and ''nf_conntrack-sysctl.txt'' for reference.+
  
-:!: Since the OpenWrt feature set is fairly static, the kernel parameters almost +:!: Since the OpenWrt feature set is fairly static, the kernel parameters almost certainly do not need to tuned beyond the defaults provided in the build.
-certainly do not need to tuned beyond the defaults provided in the build.+
  
-:!: Notice that netfilter bridging support in the kernel is disabled!  See +:!: Notice that netfilter bridging support in the kernel is disabled! 
-''ip-sysctl.txt'':+See ''ip-sysctl.txt'':
  
-<file>+<code>
 bridge-nf-call-iptables - BOOLEAN bridge-nf-call-iptables - BOOLEAN
  1 : pass bridged IPv4 traffic to iptables' chains.  1 : pass bridged IPv4 traffic to iptables' chains.
  0 : disable this.  0 : disable this.
  Default: 1  Default: 1
-</file> +</code>
- +
-FIXME : the **sysctl** directives in ''/etc/init.d/sysctl'' are a superset of +
-those in the ''/etc/sysctl.d'' files.  The files in ''/etc/sysctl.d'' are +
-entirely redundant.  This may be a product of the build process.+
  
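Review bot: The warning "Notice that netfilter bridging support in the kernel is disabled!" is still followed by an ip-sysctl.txt excerpt that ends in "Default: 1", so a reader skimming the block can come away with the opposite of what the warning says. Since this section is being touched anyway, state next to the excerpt that the OpenWrt build uses the 0 setting rather than the upstream default shown, and spell out the consequence in the excerpt's own terms: bridged IPv4 traffic is not passed to iptables' chains, so rules there do not apply to it. Two smaller points in the same hunk: the FIXME about the directives in /etc/init.d/sysctl being a superset of the /etc/sysctl.d files is dropped while the edit summary only says "updated", so either note that the redundancy was resolved or keep the remark; and the reflowed warning still reads "do not need to tuned", which should be "do not need to be tuned".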
  • Last modified: 2023/10/14 06:03
  • by vgaetera