[systemd-devel] ip forwarding

Martin Pitt martin.pitt at ubuntu.com
Fri Nov 6 04:42:19 PST 2015


Johannes Ernst [2015-11-05 23:11 -0800]:
> This makes my point. The default = 0 is counter intuitive and costs much time for the lucky ones among us who can figure it out. The rest will just give up...

It's less counter-intuitive, but the problem is that it breaks a lot
of existing tools that expect that the global kernel settings actually
work.

Note that this was discussed recently already here, but rejected:
https://github.com/systemd/systemd/issues/1411

Thus at least CoreOS and Ubuntu now change the default to "kernel",
which pretty much DTRT. (I'm still pondering doing that in Debian
too). If you don't explicitly configure it in your .network then the
global setting is applied, and as that defaults to 0 the "secure by
default" aspect is also satisfied.

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
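
Added example (not part of the message above and not systemd code): a simplified Python model of the behaviour discussed in this thread, showing how a .network file without IPForward= resolves under a built-in default of "no" versus "kernel". The function names and the sample .network contents are constructed for illustration, and "ipv4"/"ipv6" are treated simply as "forwarding on".

```python
# Simplified model of the thread's point; constructed names and sample data.
FORWARD_ON = {"1", "yes", "y", "true", "t", "on", "ipv4", "ipv6"}
FORWARD_OFF = {"0", "no", "n", "false", "f", "off"}

# Constructed sample .network files.
ROUTER = "[Match]\nName=eth0\n\n[Network]\nDHCP=yes\nIPForward=yes\n"
PLAIN = "[Match]\nName=eth1\n\n[Network]\nDHCP=yes\n"


def ip_forward_setting(network_text):
    """Return the IPForward= value from [Network], or None if it is unset."""
    section, value = None, None
    for raw in network_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Network" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "IPForward":
                value = val.strip().lower()  # last assignment wins
    return value


def classify(network_text, built_in_default, kernel_forwarding):
    """Return (who_decides, forwarding_on) for one .network file.

    built_in_default: "no" (the default = 0 case from the thread) or
                      "kernel" (the CoreOS/Ubuntu default).
    kernel_forwarding: bool, state of the global kernel forwarding sysctl.
    """
    explicit = ip_forward_setting(network_text)
    effective = explicit if explicit is not None else built_in_default
    if effective == "kernel":
        return ("kernel", kernel_forwarding)  # global setting is applied
    if effective in FORWARD_ON:
        return ("networkd", True)
    if effective in FORWARD_OFF:
        return ("networkd", False)  # global setting is overridden
    raise ValueError(f"unrecognised IPForward value: {effective!r}")


if __name__ == "__main__":
    for name, text in (("router", ROUTER), ("plain", PLAIN)):
        for default in ("no", "kernel"):
            print(name, default, classify(text, default, kernel_forwarding=True))
```
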

