1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>sysctl.d</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
a.headerlink {
color: #c60f0f;
font-size: 0.8em;
padding: 0 4px 0 4px;
text-decoration: none;
visibility: hidden;
}
a.headerlink:hover {
background-color: #c60f0f;
color: white;
}
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
visibility: visible;
}
</style><a href="index.html">Index </a>·
<a href="systemd.directives.html">Directives </a>·
<a href="../python-systemd/index.html">Python </a>·
<a href="../libudev/index.html">libudev </a>·
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 215</span><hr><div class="refentry"><a name="sysctl.d"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>sysctl.d — Configure kernel parameters at boot</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/sysctl.d/*.conf</code></p><p><code class="filename">/run/sysctl.d/*.conf</code></p><p><code class="filename">/usr/lib/sysctl.d/*.conf</code></p></div><div class="refsect1"><a name="idm214178788384"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p>At boot,
<a href="systemd-sysctl.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysctl.service</span>(8)</span></a>
reads configuration files from the above directories
to configure
<a href="sysctl.html"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a>
kernel parameters.</p></div><div class="refsect1"><a name="idm214180384960"></a><h2 id="Configuration Format">Configuration Format<a class="headerlink" title="Permalink to this headline" href="#Configuration%20Format">¶</a></h2><p>The configuration files contain a list of
variable assignments, separated by newlines. Empty
lines and lines whose first non-whitespace character
is "<code class="literal">#</code>" or "<code class="literal">;</code>" are
ignored.</p><p>Each configuration file shall be named in the
style of <code class="filename"><em class="replaceable"><code>program</code></em>.conf</code>.
Files in <code class="filename">/etc/</code> override files
with the same name in <code class="filename">/usr/lib/</code>
and <code class="filename">/run/</code>. Files in
<code class="filename">/run/</code> override files with the same
name in <code class="filename">/usr/lib/</code>. Packages
should install their configuration files in
<code class="filename">/usr/lib/</code>. Files in
<code class="filename">/etc/</code> are reserved for the local
administrator, who may use this logic to override the
configuration files installed by vendor packages. All
configuration files are sorted by their filename in
lexicographic order, regardless of which of the
directories they reside in. If multiple files specify the
same variable name, the entry in the file with the
lexicographically latest name will be applied. It is
recommended to prefix all filenames with a two-digit
number and a dash, to simplify the ordering of the
files.</p><p>Note that either "<code class="literal">/</code>" or
"<code class="literal">.</code>" may be used as separators within
sysctl variable names. If the first separator is a
slash, remaining slashes and dots are left intact. If
the first separator is a dot, dots and slashes are
interchanged. "<code class="literal">kernel.domainname=foo</code>"
and "<code class="literal">kernel/domainname=foo</code>" are
equivalent and will cause "<code class="literal">foo</code>" to
be written to
<code class="filename">/proc/sys/kernel/domainname</code>.
Either
"<code class="literal">net.ipv4.conf.enp3s0/200.forwarding</code>"
or
"<code class="literal">net/ipv4/conf/enp3s0.200/forwarding</code>"
may be used to refer to
<code class="filename">/proc/sys/net/ipv4/conf/enp3s0.200/forwarding</code>.
</p><p>If the administrator wants to disable a
configuration file supplied by the vendor, the
recommended way is to place a symlink to
<code class="filename">/dev/null</code> in
<code class="filename">/etc/sysctl.d/</code> bearing the
same filename.</p><p>The settings configured with
<code class="filename">sysctl.d</code> files will be applied
early on boot. The network interface-specific options
will also be applied individually for each network
interface as it shows up in the system. (More
specifically,
<code class="filename">net.ipv4.conf.*</code>,
<code class="filename">net.ipv6.conf.*</code>,
<code class="filename">net.ipv4.neigh.*</code> and <code class="filename">net.ipv6.neigh.*</code>).</p><p>Many sysctl parameters only become available
when certain kernel modules are loaded. Modules are
usually loaded on demand, e.g. when certain hardware
is plugged in or network brought up. This means that
<a href="systemd-sysctl.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysctl.service</span>(8)</span></a> which runs
during early boot will not configure such parameters
if they become available after it has run. To
set such parameters, it is recommended to add
an <a href="udev.html"><span class="citerefentry"><span class="refentrytitle">udev</span>(7)</span></a> rule to set those parameters when they become
available. Alternatively, a slightly simpler and
less efficient option is to add the module to
<a href="modules-load.d.html"><span class="citerefentry"><span class="refentrytitle">modules-load.d</span>(5)</span></a>, causing it to be loaded statically
before sysctl settings are applied (see
example below).</p></div><div class="refsect1"><a name="idm214180508656"></a><h2 id="Examples">Examples<a class="headerlink" title="Permalink to this headline" href="#Examples">¶</a></h2><div class="example"><a name="idm214180507984"></a><p class="title"><b>Example 1. Set kernel YP domain name</b></p><div class="example-contents"><p><code class="filename">/etc/sysctl.d/domain-name.conf</code>:
</p><pre class="programlisting">kernel.domainname=example.com</pre></div></div><br class="example-break"><div class="example"><a name="idm214180505408"></a><p class="title"><b>Example 2. Disable packet filter on bridged packets (method one)</b></p><div class="example-contents"><p><code class="filename">/etc/udev/rules.d/99-bridge.conf</code>:
</p><pre class="programlisting">ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
</pre><p><code class="filename">/etc/sysctl.d/bridge.conf</code>:
</p><pre class="programlisting">net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</pre></div></div><br class="example-break"><div class="example"><a name="idm214180493760"></a><p class="title"><b>Example 3. Disable packet filter on bridged packets (method two)</b></p><div class="example-contents"><p><code class="filename">/etc/modules-load.d/bridge.conf</code>:
</p><pre class="programlisting">bridge</pre><p><code class="filename">/etc/sysctl.d/bridge.conf</code>:
</p><pre class="programlisting">net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</pre></div></div><br class="example-break"></div><div class="refsect1"><a name="idm214180489376"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
<a href="systemd-sysctl.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-sysctl.service</span>(8)</span></a>,
<a href="systemd-delta.html"><span class="citerefentry"><span class="refentrytitle">systemd-delta</span>(1)</span></a>,
<a href="sysctl.html"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a>,
<a href="sysctl.conf.html"><span class="citerefentry"><span class="refentrytitle">sysctl.conf</span>(5)</span></a>
<a href="modprobe.html"><span class="citerefentry"><span class="refentrytitle">modprobe</span>(8)</span></a>
</p></div></div></body></html>
|
