LinuxQuestions.org


noriko_q 04-01-2008 02:05 AM

how to disable ip forwarding?
 
Hi,

I'm using SUSE Enterprise Server 9.
Not sure if anyone could guide me on how to disable the IP forwarding.

I went to /proc/sys/net/ipv4/conf/eth0/accept_redirects to set it to 0 and ran /sbin/sysctl -w net.ipv4.conf.eth1.accept_redirects=0,
but once I reboot the system it is enabled again.

How can I set it permanently?

jschiwal 04-01-2008 02:29 AM

Don't you want to change
/proc/sys/net/ipv4/ip_forward?

Either disable forwarding in YaST2 or edit /etc/sysconfig/sysctl.

noriko_q 04-01-2008 11:14 PM

Other than that, I also need to disable /proc/sys/net/ipv4/conf/eth0/accept_redirects, send_redirects and accept_source_route. Do you know what I should do to permanently disable them?

jschiwal 04-01-2008 11:45 PM

I grep'ed the files in /etc that source /etc/sysconfig/sysctl:

Code:

/etc/rc.d/boot.d/S08boot.localfs:. /etc/sysconfig/sysctl
/etc/rc.d/boot.d/K14boot.localfs:. /etc/sysconfig/sysctl
/etc/rc.d/boot.d/K10boot.ipconfig:. /etc/sysconfig/sysctl
/etc/rc.d/boot.d/K12boot.proc:. /etc/sysconfig/sysctl
/etc/rc.d/boot.d/S12boot.ipconfig:. /etc/sysconfig/sysctl
/etc/rc.d/boot.proc:. /etc/sysconfig/sysctl
/etc/rc.d/boot.ipconfig:. /etc/sysconfig/sysctl
/etc/rc.d/boot.localfs:. /etc/sysconfig/sysctl
/etc/rc.d/boot.sysctl:. /etc/sysconfig/sysctl
/etc/rc.d/boot.sysctl:  # in /etc/sysconfig/sysctl

Either add the echo commands you need to /etc/init.d/boot.local or /etc/rc.d/boot.ipconfig:
Code:

  #
  # Enable IP forwarding ?
  #
  if test -e /proc/sys/net/ipv4/ip_forward -a -n "$IP_FORWARD" ; then
    case $IP_FORWARD in
      yes)
        echo -n "Enabling IP forwarding"
        echo "1" > /proc/sys/net/ipv4/ip_forward
      ;;
      *)
        echo -n "Disabling IP forwarding"
        echo "0" > /proc/sys/net/ipv4/ip_forward
        echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_redirects
        echo "0" > /proc/sys/net/ipv4/conf/eth1/accept_redirects
      ;;
    esac
    rc_status -v -r
  fi

boot.local sounds a bit more proper to me but boot.ipconfig would allow you to disable these items if you disable IP_FORWARD in /etc/sysconfig/sysctl.

jschiwal 04-01-2008 11:50 PM

These settings may be better instead of per interface settings:
Code:

echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

echo 0 > /proc/sys/net/ipv6/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv6/conf/all/send_redirects

Editing /etc/sysctl.conf may also work as well.
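
A check for the situation in the first post, where a value set with sysctl -w is correct until the next reboot: it compares each key's running value with what a config file will restore at boot. This is an added example, not code from any poster in the thread; the function names, the optional PROC_ROOT argument and the use of a sysctl.conf-style file as the persisted source are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): compare each hardening sysctl's running
# value with what a sysctl.conf-style file will restore at boot.
# Assumed/hypothetical: function names, the optional PROC_ROOT argument, and
# plain "key = value" lines using dotted keys.

# Keys discussed in the thread, with the value wanted for a non-router host.
# IPv6 has no send_redirects key, so it is not listed.
WANTED="net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0"

# runtime_value KEY [PROC_ROOT]: print the live value, or "missing".
runtime_value() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then tr -d ' \t\n' < "$path"; else printf 'missing'; fi
}

# persisted_value KEY CONF: print the last uncommented assignment, or "unset".
persisted_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    val=$(sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
        "$2" 2>/dev/null | tail -n 1)
    printf '%s' "${val:-unset}"
}

# audit CONF [PROC_ROOT]: one line per key; returns 1 unless every key has the
# wanted value both at runtime and in CONF.
audit() {
    rc=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        run=$(runtime_value "$key" "${2:-/proc/sys}")
        per=$(persisted_value "$key" "$1")
        if [ "$run" = "$want" ] && [ "$per" = "$want" ]; then state=OK
        elif [ "$run" = "$want" ]; then state=NOT_PERSISTED; rc=1
        else state=FAIL; rc=1
        fi
        printf '%-14s %s runtime=%s persisted=%s\n' "$state" "$key" "$run" "$per"
    done
    return $rc
}

# Run only when a config path is given, e.g.: sh audit.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

A NOT_PERSISTED line is the state described in the first post: the running value is correct, but nothing in the file will set it again after a reboot.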

