[systemd-devel] [PATCH v2] networkd: do not change kernel forwarding parameters when IPForwarding is unset
Lennart Poettering
lennart at poettering.net
Fri May 15 12:18:56 PDT 2015
On Fri, 15.05.15 12:08, Nick Owens (nick.owens at coreos.com) wrote:
> In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
> to set forwarding flags on interfaces in .network files. networkd sets
> forwarding options regardless of the previous setting, even if it was
> set by e.g. sysctl. This commit makes IPForwarding not change forwarding
> settings, so that systems using sysctl continue to work even if
> IPForwarding is unset in their .network files.
>
> See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
> bug report.
I think there should be an explicit way to enable the "kernel default
mode", i.e. the parser for this one option should consider a special
value "kernel" or so to explicitly ask for the kernel default.
I'd still prefer if we'd default to IP forwarding off, rather than IP
forwarding as kernel default, for security reasons.
Lennart
--
Lennart Poettering, Red Hat
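
The two defaults debated in this thread, compared in an added example that is not part of the original message or of networkd's code: it shows which forwarding value an interface ends up with when the option is unset, set to a boolean, or set to the proposed "kernel" value. All names (`fwd_mode`, `fwd_parse`, `fwd_effective`), the accepted boolean spellings, and the fallback for unparsable values are assumptions of this sketch.

```c
#include <stdio.h>
#include <strings.h>

/* Hypothetical tri-state: FWD_KERNEL means "never write the forwarding sysctl". */
typedef enum { FWD_OFF, FWD_ON, FWD_KERNEL } fwd_mode;

/* Map the option text to a mode. NULL or "" means the option is absent from
 * the .network file. Absent or unparsable values fall back to unset_default
 * (an assumption of this sketch). */
fwd_mode fwd_parse(const char *v, fwd_mode unset_default) {
    static const char *const on[]  = { "1", "yes", "true", "on" };
    static const char *const off[] = { "0", "no", "false", "off" };
    if (!v || !*v) return unset_default;
    if (strcasecmp(v, "kernel") == 0) return FWD_KERNEL;
    for (int i = 0; i < 4; i++) {
        if (strcasecmp(v, on[i]) == 0)  return FWD_ON;
        if (strcasecmp(v, off[i]) == 0) return FWD_OFF;
    }
    return unset_default;
}

/* Forwarding value the interface ends up with, given what sysctl (or the
 * kernel default) had already set in `current`. */
int fwd_effective(const char *v, fwd_mode unset_default, int current) {
    switch (fwd_parse(v, unset_default)) {
    case FWD_ON:  return 1;
    case FWD_OFF: return 0;
    default:      return current;  /* FWD_KERNEL: leave the sysctl untouched */
    }
}

int main(void) {
    const char *vals[] = { NULL, "kernel", "yes", "no" };
    /* Columns 3 and 4: result when "unset" means kernel default vs. off. */
    puts("value     current  unset=kernel  unset=off");
    for (int cur = 0; cur <= 1; cur++)
        for (int i = 0; i < 4; i++)
            printf("%-9s %-8d %-13d %d\n", vals[i] ? vals[i] : "(unset)", cur,
                   fwd_effective(vals[i], FWD_KERNEL, cur),
                   fwd_effective(vals[i], FWD_OFF, cur));
    return 0;
}
```

The only rows where the two columns differ are the unset ones with forwarding already enabled: a host made a router via sysctl keeps forwarding under the patch's default and loses it under the off-by-default policy unless it opts in with "kernel" or an explicit boolean.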