On Fri, May 15, 2015 at 12:52 PM, Lennart Poettering <lenn...@poettering.net> wrote:
> On Fri, 15.05.15 12:42, Michael Marineau (michael.marin...@coreos.com) wrote:
>
>> On Fri, May 15, 2015 at 12:18 PM, Lennart Poettering
>> <lenn...@poettering.net> wrote:
>> > On Fri, 15.05.15 12:08, Nick Owens (nick.ow...@coreos.com) wrote:
>> >
>> >> In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
>> >> to set forwarding flags on interfaces in .network files. networkd sets
>> >> forwarding options regardless of the previous setting, even if it was
>> >> set by e.g. sysctl. This commit makes IPForwarding not change forwarding
>> >> settings, so that systems using sysctl continue to work even if
>> >> IPForwarding is unset in their .network files.
>> >>
>> >> See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
>> >> bug report.
>> >
>> > I think there should be an explicit way to enable the "kernel default
>> > mode", i.e. the parser for this one option should consider a special
>> > value "kernel" or so to explicitly ask for the kernel default.
>> >
>> > I'd still prefer if we'd default to ip forwarding off, rather than ip
>> > forwarding as kernel default, for security reasons.
>>
>> Well, in CoreOS we *have* to use the kernel default if the value is
>> unset, there simply is no way to safely upgrade existing systems to
>> the new configuration scheme from the old sysctl one. The semantics of
>> the two are too different. Even if there was a reasonable translation
>> we are not in the business of modifying user configs.
>
> Well, but I think I would prefer if upstream would default to "off",
> even if coreos then deviates from that and defaults to "kernel"...

Fair enough, should it be an option to configure then?