Public bug reported:

In 22.04, systemd ships the following globbed sysctls:

    $ grep -r -F '*' /usr/lib/sysctl.d /etc/sysctl.*
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.accept_source_route = 0
    /usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.promote_secondaries = 1

This seems to break Linux's built-in .defaults sysctls. For instance, `net.ipv4.conf.default.rp_filter` is ineffective given the above.

According to sysctl.d(5), they're applied /individually/ when interfaces show up:

> The settings configured with sysctl.d files will be applied early on boot.
> The network interface-specific options will also be applied individually for
> each network interface as it shows up in the system. (More specifically,
> net.ipv4.conf.*, net.ipv6.conf.*, net.ipv4.neigh.* and net.ipv6.neigh.*).

That means something (networkd?) applies `net.ipv4.conf.newif.rp_filter=2` when newif appears. Since that's applied to an individual interface, it overrides `net.ipv4.conf.default.rp_filter=0` that I've set. That's pretty surprising.

It isn't clear from sysctl.d(5) how to disable this. With some experimentation, I've come up with:

    -net.ipv4.conf.*.rp_filter
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.default.rp_filter = 0

But I'm not sure that first line is valid. sysctl.d(5) doesn't document this case.

Perhaps the systemd package should not ship globbed sysctls in the above-documented network subtrees - are there use cases not covered by the .defaults sysctls?

I haven't checked if later packages continue to ship the above config.

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2065439

Title:
  default globbed sysctls override linux defaults
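
An added example, not part of the bug report or of systemd: a Python check that reads sysctl.d-style directories and lists explicit `default` keys whose value differs from a globbed key in the per-interface subtrees named in the sysctl.d(5) excerpt. The directory names, the file 99-local.conf and the sample contents are constructed; the check only reports the overlap and does not model how systemd resolves it.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

# Subtrees the sysctl.d(5) excerpt lists as re-applied per interface.
PER_IFACE = re.compile(r"^net\.ipv[46]\.(conf|neigh)\.")

def parse_sysctl_d(dirs):
    """Return (file, key, value) tuples; dirs are listed lowest priority first."""
    files = {}
    for d in dirs:  # a same-named file in a later directory replaces the earlier one
        for p in Path(d).glob("*.conf"):
            files[p.name] = p
    entries = []
    for name in sorted(files):  # files are read in lexical order of basename
        for raw in files[name].read_text().splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            key, _, value = line.partition("=")  # no "=" gives an empty value
            entries.append((name, key.strip().lstrip("-"), value.strip()))
    return entries

def glob_conflicts(entries):
    """Find explicit *.default.* keys whose value differs from a matching glob."""
    found = []
    for gfile, gkey, gval in entries:
        if "*" not in gkey or not gval or not PER_IFACE.match(gkey):
            continue
        for f, key, val in entries:
            if "*" in key or ".default." not in key or not val:
                continue
            if fnmatch.fnmatchcase(key, gkey) and val != gval:
                found.append((gkey, gval, gfile, key, val, f))
    return found

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        lib, etc = Path(tmp, "usr-lib"), Path(tmp, "etc")
        lib.mkdir()
        etc.mkdir()
        (lib / "50-default.conf").write_text(
            "net.ipv4.conf.*.rp_filter = 2\n"
            "net.ipv4.conf.*.accept_source_route = 0\n")
        (etc / "99-local.conf").write_text(  # constructed file name
            "net.ipv4.conf.all.rp_filter = 0\n"
            "net.ipv4.conf.default.rp_filter = 0\n")
        return glob_conflicts(parse_sysctl_d([lib, etc]))
```

On a real host, pass the directories lowest priority first, for example `/usr/lib/sysctl.d`, `/run/sysctl.d`, `/etc/sysctl.d`.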