initscripts/sysctl.conf, branch 9.81 Mageia fork of Fedora's Init Scripts Drop sysctl.d/00-system.conf 2017-07-27T13:45:50+00:00 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl 2017-07-21T09:07:10+00:00 13d638c0a7df4a998429163b9a0189dcffa2393a This file now only contains lines to disable netfilter on bridges. In kernel 3.18 this filtering functionality was made non-default by moving it to br_netfilter [https://bugzilla.redhat.com/show_bug.cgi?id=512206]. Aybody who actually wants to use br_netfilter has to load it explicitly anyway, so disabling it through sysctl isn't necessary anymore. The reason for removal is that by default (i.e. when br_netfilter is not loaded), we get a warning on every boot: systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-ip6tables', ignoring: No such file or directory systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-iptables', ignoring: No such file or directory systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-arptables', ignoring: No such file or directory This is confusing for users and inelegant. The downside of removing this file is for people who load br_netfilter for some reason *and* do no want to use it, will have to take an additional step now (either restore the sysctl settings or remove br_netfilter from /etc/modules-load.d or wherever). I expect the number of people affected to be very small. (Note that the file was overwritten on sparc and s390, so those architectures see no change.) 
This file now only contains lines to disable netfilter on bridges.
In kernel 3.18 this filtering functionality was made non-default by
moving it to br_netfilter [https://bugzilla.redhat.com/show_bug.cgi?id=512206].
Aybody who actually wants to use br_netfilter has to load it explicitly
anyway, so disabling it through sysctl isn't necessary anymore.

The reason for removal is that by default (i.e. when br_netfilter is
not loaded), we get a warning on every boot:

systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-ip6tables', ignoring: No such file or directory
systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-iptables', ignoring: No such file or directory
systemd-sysctl[210]: Couldn't write '0' to 'net/bridge/bridge-nf-call-arptables', ignoring: No such file or directory

This is confusing for users and inelegant.

The downside of removing this file is for people who load br_netfilter
for some reason *and* do no want to use it, will have to take an
additional step now (either restore the sysctl settings or remove br_netfilter
from /etc/modules-load.d or wherever). I expect the number of people affected
to be very small.

(Note that the file was overwritten on sparc and s390, so those
architectures see no change.)
sysctl.conf: drop SHMALL and SHMMAX, they have sane default values in kernel 2015-05-06T12:13:32+00:00 Lukas Nykryn lnykryn@redhat.com 2015-05-06T12:13:32+00:00 032a604fe9c24483c9bc67c76494995d88115abe 






set shmmax and shmall defaults to match rhel6 values (#1056547)
2014-02-13T13:37:08+00:00

Lukas Nykryn
lnykryn@redhat.com

2014-02-12T13:19:19+00:00

343858fcb6af8451bba3ef3d780666e01d2ce7ad












remove some defaults from sysctl.conf (move to systemd)
2013-04-03T08:27:29+00:00

Václav Pavlín
vpavlin@redhat.com

2013-04-03T08:27:29+00:00

e65204069acf19a93c6dd5e2ec07db2e984c61df












turn on symlink protections in sysctl (#922030)
2013-03-15T13:09:48+00:00

Lukas Nykryn
lnykryn@redhat.com

2013-03-15T13:09:48+00:00

793fdaeafe3cacafd7ccfcec540d46088fb15bdd












Remove outdated "Red Hat Linux" comments from sysctl.conf.
2011-02-25T19:56:18+00:00

Ville Skyttä
ville.skytta@iki.fi

2010-10-15T17:30:11+00:00

01dc4673ccef0c931b6dfe438c91c98f48cd2b32












Disable netfilter on bridged interfaces. (#512206)
2009-07-31T13:39:12+00:00

Bill Nottingham
notting@redhat.com

2009-07-31T13:39:12+00:00

af3d40e8a4293f83abe9efaf8995f28f3287c758












DaveM hates syncookies.
2008-07-24T16:31:00+00:00

Bill Nottingham
notting@redhat.com

2008-07-24T16:31:00+00:00

2ad81727bd98d4c8364dfdc7f65d105972c93e1c

TCP snickerdoodles are next on the hit list.





TCP snickerdoodles are next on the hit list.







add syncookies (#145201)
2005-01-17T18:58:44+00:00

Bill Nottingham
notting@redhat.com

2005-01-17T18:58:44+00:00

d8177ae1e7215a3af82202625d05733901e2ec46












- disallow source routed packets by default
2004-10-07T11:39:38+00:00

Florian La Roche
laroche@redhat.com

2004-10-07T11:39:38+00:00

2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf