Re: [systemd-devel] ip forwarding

2015-11-06 Thread Reindl Harald
Am 06.11.2015 um 08:11 schrieb Johannes Ernst: This makes my point. The default = 0 is counter intuitive and costs much time for the lucky ones among us who can figure it out. The rest will just give up... defaults should have security in mind, most setups don't need it enabled and the

Re: [systemd-devel] ip forwarding

2015-11-06 Thread Reindl Harald
Am 06.11.2015 um 10:20 schrieb Mantas Mikulėnas: On Fri, Nov 6, 2015 at 11:09 AM, Reindl Harald > wrote: Am 06.11.2015 um 08:11 schrieb Johannes Ernst: This makes my point. The default = 0 is counter intuitive and

Re: [systemd-devel] ip forwarding

2015-11-06 Thread Mantas Mikulėnas
On Fri, Nov 6, 2015 at 11:09 AM, Reindl Harald wrote: > > > Am 06.11.2015 um 08:11 schrieb Johannes Ernst: > >> This makes my point. The default = 0 is counter intuitive and costs much >> time for the lucky ones among us who can figure it out. The rest will just >> give

Re: [systemd-devel] ip forwarding

2015-11-06 Thread Johannes Ernst
> On Nov 6, 2015, at 1:09, Reindl Harald wrote: > > defaults should have security in mind, … IMHO the current behavior is actually less secure: If I set net.ipv4.ip_forward=1, I intentionally set forwarding on all interfaces, as documented in countless tutorials, so

Re: [systemd-devel] ip forwarding

2015-11-06 Thread Reindl Harald
Am 06.11.2015 um 16:43 schrieb Johannes Ernst: On Nov 6, 2015, at 1:09, Reindl Harald > wrote: defaults should have security in mind, … IMHO the current behavior is actually less secure: no, it maybe unpredictable by the desciptions

Re: [systemd-devel] ip forwarding

2015-11-06 Thread Martin Pitt
Johannes Ernst [2015-11-05 23:11 -0800]: > This makes my point. The default = 0 is counter intuitive and costs much time > for the lucky ones among us who can figure it out. The rest will just give > up... It's less counter-intuitive, but the problem is that it breaks a lot of existing tools

[systemd-devel] ip forwarding

2015-11-05 Thread Johannes Ernst
TL;DR: I propose to have IPForward default to “no change”, rather than 0, as 0 has unexpected consequences for non-expert users. Details: A few months ago there where some threads about ip_forwarding needing a toggle from 1 to 0 and back to 1 before it would work. [1][2][3] It appears I found

Re: [systemd-devel] ip forwarding

2015-11-05 Thread Peter Paule
Hi Johannes, I had the same problem, I even wrote an article about that (https://www.fedux.org/articles/2015/09/09/having-no-fun-with-rubygems-systemd-docker-and-networking.html). I think, you use `systemd-networkd`. Correct? The behaviour is documented in "systemd.network-manual". Note:

Re: [systemd-devel] ip forwarding

2015-11-05 Thread Johannes Ernst
This makes my point. The default = 0 is counter intuitive and costs much time for the lucky ones among us who can figure it out. The rest will just give up... Sent from my iPad. > On Nov 5, 2015, at 22:32, Peter Paule wrote: > > Hi Johannes, > > I had the same