On 2 April 2013 03:19, Tom Gundersen <[email protected]> wrote:
> Hi guys,
>
> As you may have noticed systemd ships a default sysctl config file as
> of v199 (/usr/lib/sysctl.d/50-default.conf). Rather than also ship an
> Arch-specific one (/etc/sysctl.conf), should we try to unify the two?
>
> I had a look at the differences:
>
> 1) kernel.sysrq:
>
> We set it to 'off', systemd enables the sync command (which should be safe).
>
> 2) net.ipv4.ip_forward
>
> We disable this, which is already the default in the kernel.
>
> 3) net.ipv4.tcp_syncookies
>
> We enable this. Are we sure this is the right thing to do by default?
> There appear to be lots of warnings about it.
>
> 4) net.ipv6.conf.all.forwarding
>
> We disable this. It appears to be disabled by default, or am I reading it
> wrong?
>
> In addition to these, systemd sets the following:
>
> kernel.core_uses_pid = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> fs.protected_hardlinks = 1
> fs.protected_symlinks = 1
>
> Are we happy with that?

Those should be saner defaults, so +1 (until we get reports, complaints and stuff).

--
GPG/PGP ID: C0711BF1
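
Added example, not part of either message and not systemd or Arch code: a POSIX shell check that compares a machine's running values with the five settings the quoted message lists for systemd. The function names and the optional root-directory argument (so the check can run against a constructed tree instead of the live /proc/sys) are assumptions of this example.

```shell
#!/bin/sh
# The five key/value pairs quoted in the thread as set by systemd's
# /usr/lib/sysctl.d/50-default.conf, in sysctl.d syntax.
expected_settings() {
cat <<'EOF'
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
EOF
}

# audit_sysctl [root]
# Prints one OK/DIFF/MISSING line per key and returns the number of keys
# that deviate. "root" defaults to /proc/sys (hypothetical parameter).
audit_sysctl() {
    root=${1:-/proc/sys}
    bad=0
    while IFS= read -r line; do
        # Skip blank lines and comments, as sysctl.d files allow both.
        case $line in ''|'#'*|';'*) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        # kernel.core_uses_pid -> <root>/kernel/core_uses_pid
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Key absent, e.g. a kernel built without that feature.
            echo "MISSING $key (expected $want)"
            bad=$((bad + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DIFF    $key = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$(expected_settings)
EOF
    return "$bad"
}
```

Source the file and call `audit_sysctl` with no argument to check the running kernel; a non-zero return status is the count of settings that differ or are missing.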

