On Wed, Oct 14, 2015, at 14:18, David Miller wrote:
> From: Hannes Frederic Sowa <han...@stressinduktion.org>
> Date: Wed, 14 Oct 2015 13:03:41 +0200
> > The difference is that people upgrade (in case of fedora they get a
> > .rpmnew file) or install a distribution and don't wonder or have
> > assumptions about old behavior. In case companies integrate kernel in
> > products/appliances without a way to manage those sysctls we cannot
> > simply change them as this would break assumptions for them. I think
> > those are two different cases.
> 
> The thing that is similar is that people set rp_filter inappropriately
> (no end host should have that knob enabled, ever, it's totally
> unnecessary).  And the risk here is similar, distribution X will set it
> so Y will say "we probably should set it too even though we really
> don't understand it fully".
> 
> I really hate situations like this.

I can bring up the rp_filter setting, too. It currently gets
unconditionally set to strict mode in systemd on all interfaces.

The question is whether we should care about people enabling forwarding by
simply toggling the sysctl forwarding knob. Essentially, in the kernel we
could provide two sysctl knobs, one for forwarding and one for local
reception. So people following the guidelines on how to enable forwarding
could automatically have rp_filter enabled while host mode does not,
because we leave the forwarding rp_filter setting enabled. This at the
same time seems unnecessarily complex and maybe we should simply talk to
distributions. ;)

What do you think?

Bye,
Hannes
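
Added example, not part of the original message or of any project's code: a shell function that reports the effective rp_filter mode per interface, so a distribution-applied strict setting on a non-forwarding host is easy to spot. The function name, the `ROOT` parameter and the output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Report the effective rp_filter mode for each IPv4 interface.
# The kernel's ip-sysctl documentation states that the value used for source
# validation is max(conf/all/rp_filter, conf/<iface>/rp_filter).
# Modes: 0 = off, 1 = strict, 2 = loose.

# rp_filter_report [ROOT]
#   ROOT: directory holding the IPv4 sysctls. Defaults to /proc/sys/net/ipv4;
#         it is a parameter (assumption of this example) so the function can
#         also be run against a copied or constructed tree.
# Prints one line per interface: "<iface> <mode> <note>".
rp_filter_report() {
    root=${1:-/proc/sys/net/ipv4}
    all_rp=$(cat "$root/conf/all/rp_filter") || return 1

    for dir in "$root"/conf/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case $iface in all|default) continue ;; esac
        [ -r "${dir}rp_filter" ] || continue
        [ -r "${dir}forwarding" ] || continue

        if_rp=$(cat "${dir}rp_filter")
        fwd=$(cat "${dir}forwarding")

        # Effective value is the larger of the "all" and per-interface knobs.
        eff=$if_rp
        if [ "$all_rp" -gt "$eff" ]; then eff=$all_rp; fi

        case $eff in
            0) mode=off ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac

        # Label (hypothetical) for the case discussed in the thread:
        # strict mode on an interface that is not forwarding.
        note=ok
        if [ "$fwd" -eq 0 ] && [ "$eff" -eq 1 ]; then
            note=strict-on-non-forwarding
        fi
        printf '%s %s %s\n' "$iface" "$mode" "$note"
    done
}
```

Call `rp_filter_report` with no argument to inspect the running system.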