From 432951de1f7f94317ed8c9c713ee4aa8d40d04c3 Mon Sep 17 00:00:00 2001 From: Phil Dibowitz Date: Wed, 5 Oct 2016 12:40:45 +0200 Subject: Provide a mechanism to prevent network-scripts from messing with sysctls network-scripts makes odd assumptions, like if I don't want SLAAC (i.e. if I turn off AUTOCONF) that I also don't want RA. This is not true, it's common to have a static local address, but to get my gateway through RA. This is one solution. I will also be sending a more specific solution to enable the above directly, but having a way to tell network-scripts to not mess with systctls seems generally useful. --- sysconfig/network-scripts/ifdown-ipv6 | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'sysconfig/network-scripts/ifdown-ipv6') diff --git a/sysconfig/network-scripts/ifdown-ipv6 b/sysconfig/network-scripts/ifdown-ipv6 index d2207b76..f06f56dd 100755 --- a/sysconfig/network-scripts/ifdown-ipv6 +++ b/sysconfig/network-scripts/ifdown-ipv6 @@ -62,10 +62,12 @@ if [ $? != 0 -a $? != 11 ]; then exit 1 fi -# Switch some sysctls to secure mode -/sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.forwarding=0 >/dev/null 2>&1 -/sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.accept_ra=0 >/dev/null 2>&1 -/sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.accept_redirects=0 >/dev/null 2>&1 +if [ ! "$IPV6_SET_SYCTL" = "no" ]; then + # Switch some sysctls to secure mode + /sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.forwarding=0 >/dev/null 2>&1 + /sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.accept_ra=0 >/dev/null 2>&1 + /sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.accept_redirects=0 >/dev/null 2>&1 +fi /sbin/ip link set $DEVICE addrgenmode eui64 >/dev/null 2>&1 # Test status of tun6to4 device -- cgit v1.2.1