IP_FORWARD /etc/sysconfig/network magic words?
Jeff Kinz
jkinz at kinz.org
Fri Apr 29 19:20:48 UTC 2005
On Fri, Apr 29, 2005 at 03:01:16PM -0400, Jeff Kinz wrote:
> In the file /etc/sysconfig/network, does the line :
>
> FORWARD_IPV4=YES
>
> actually control IP forwarding? Currently my system seems to be
> ignoring it. i.e. - I don't actually get any ip-forwarding happening when
> the network is up unless I explicitly enable it.
Aha!
Google - almost as powerful as Rick Stevens!
https://www.redhat.com/archives/redhat-list/2001-May/msg01047.html
indicates:
########################### QUOTE ###############################
I do not think that forward_ipv4="yes" works any more. The settings in
sysctl.conf are used instead.
Look at /etc/sysctl.conf. Forward_ipv4 is one of the things normally
controlled by this config file. You may also want to look at the sysctl
command - it is a cleaner way to change the settings than using echo.
########################### END QUOTE ###############################
In /etc/sysctl.conf:
net.ipv4.ip_forward = 0
appears to disable forwarding.
What are the security implications of changing "0" to "1" in this line?
At system boot time, will the /etc/sysconfig/iptables file info be
processed significantly later than the /etc/sysctl.conf info?
If that is true, then do we have an insecure window of time where
the system will automatically forward packets anywhere?
Is this significant?
--
Jeff Kinz, Emergent Research, Hudson, MA.
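
An added example, not part of the original post: a small shell audit of the two files the message names, reporting the effective net.ipv4.ip_forward value and the saved default policy of the filter table's FORWARD chain. The function names and sample file contents are constructed for illustration, and it assumes /etc/sysconfig/iptables is in iptables-save format.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Effective net.ipv4.ip_forward in a sysctl.conf-style file. Settings are
# applied in order, so the last assignment wins; "#"/";" lines are comments;
# the slash key form (net/ipv4/ip_forward) is treated like the dotted one.
ip_forward_setting() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)
            if (key == "net.ipv4.ip_forward") result = val
        }
        END { print (result == "" ? "unset" : result) }
    ' "$1"
}

# Default policy of the filter table's FORWARD chain in an iptables-save file.
forward_policy() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        END { print (policy == "" ? "unset" : policy) }
    ' "$1"
}

# Combine both: flag forwarding that is on without a default-DROP FORWARD chain.
audit_forwarding() {
    fwd=$(ip_forward_setting "$1")
    pol=$(forward_policy "$2")
    if [ "$fwd" != "1" ]; then
        echo "ok: ip_forward=$fwd"
    elif [ "$pol" = "DROP" ]; then
        echo "ok: ip_forward=1, FORWARD policy DROP"
    else
        echo "review: ip_forward=1, FORWARD policy $pol"
    fi
}

# Constructed sample input, then the audit run against it.
d=$(mktemp -d)
printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward = 1' > "$d/sysctl.conf"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
    '-A FORWARD -i eth1 -o eth0 -j ACCEPT' 'COMMIT' > "$d/iptables"
audit_forwarding "$d/sysctl.conf" "$d/iptables"
rm -rf "$d"
```

On a real host, call it as `audit_forwarding /etc/sysctl.conf /etc/sysconfig/iptables`. A "review" result only means the default policy is not DROP; explicit rules in the FORWARD chain may still restrict what is forwarded.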