diff options
| author | rhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58> | 2007-04-13 21:46:27 +0000 |
|---|---|---|
| committer | rhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58> | 2007-04-13 21:46:27 +0000 |
| commit | f76d87c78ade79c700b6dd48aeb6b8bbef60cf34 (patch) | |
| tree | a64bfb20225c12ec13001a2ba7a4e3f381532c06 /branches/0.6/templates/vserver/vserver.d/etc/rc.d/rc.ip_forward | |
| parent | aa280bb3fbf166e31b939342c1d956848a801780 (diff) | |
| download | simplepkg-f76d87c78ade79c700b6dd48aeb6b8bbef60cf34.tar.gz simplepkg-f76d87c78ade79c700b6dd48aeb6b8bbef60cf34.tar.bz2 | |
created 0.6 branch
git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@341 04377dda-e619-0410-9926-eae83683ac58
Diffstat (limited to 'branches/0.6/templates/vserver/vserver.d/etc/rc.d/rc.ip_forward')
| -rw-r--r-- | branches/0.6/templates/vserver/vserver.d/etc/rc.d/rc.ip_forward | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/branches/0.6/templates/vserver/vserver.d/etc/rc.d/rc.ip_forward b/branches/0.6/templates/vserver/vserver.d/etc/rc.d/rc.ip_forward new file mode 100644 index 0000000..52bd2fe --- /dev/null +++ b/branches/0.6/templates/vserver/vserver.d/etc/rc.d/rc.ip_forward @@ -0,0 +1,64 @@ +#!/bin/sh +# /etc/rc.d/rc.ip_forward: start/stop IP packet forwarding +# +# If you intend to run your Linux box as a router, i.e. as a +# computer that forwards and redistributes network packets, you +# will need to enable IP packet forwarding in your kernel. +# +# To activate IP packet forwarding at boot time, make this +# script executable: chmod 755 /etc/rc.d/rc.ip_forward +# +# To disable IP packet forwarding at boot time, make this +# script non-executable: chmod 644 /etc/rc.d/rc.ip_forward + +# Start IP packet forwarding: +ip_forward_start() { + if [ -f /proc/sys/net/ipv4/ip_forward ]; then + echo "Activating IPv4 packet forwarding." + echo 1 > /proc/sys/net/ipv4/ip_forward + fi + # When using IPv4 packet forwarding, you will also get the + # rp_filter, which automatically rejects incoming packets if the + # routing table entry for their source address doesn't match the + # network interface they're arriving on. This has security + # advantages because it prevents the so-called IP spoofing, + # however it can pose problems if you use asymmetric routing + # (packets from you to a host take a different path than packets + # from that host to you) or if you operate a non-routing host + # which has several IP addresses on different interfaces. To + # turn rp_filter off, uncomment the lines below: + #if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then + # echo "Disabling rp_filter." + # echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter + #fi +} + +# Stop IP packet forwarding: +ip_forward_stop() { + if [ -f /proc/sys/net/ipv4/ip_forward ]; then + echo "Disabling IPv4 packet forwarding." + echo 0 > /proc/sys/net/ipv4/ip_forward + fi +} + +# Restart IP packet forwarding: +ip_forward_restart() { + ip_forward_stop + sleep 1 + ip_forward_start +} + +case "$1" in +'start') + ip_forward_start + ;; +'stop') + ip_forward_stop + ;; +'restart') + ip_forward_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac + |