diff options
| author | rhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58> | 2008-12-04 00:50:47 +0000 |
|---|---|---|
| committer | rhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58> | 2008-12-04 00:50:47 +0000 |
| commit | fcfc2248b2cf6a611836d0635a875fb10f93d74a (patch) | |
| tree | 5d1fc31ccfd1e7b0b367b5ae54c8336ac988007d /trunk/templates/vserver-legacy/files/etc/rc.d/rc.ip_forward | |
| parent | f9f16bb55714940883484f63b6daad9c279dd3ce (diff) | |
| download | simplepkg-fcfc2248b2cf6a611836d0635a875fb10f93d74a.tar.gz simplepkg-fcfc2248b2cf6a611836d0635a875fb10f93d74a.tar.bz2 | |
new 'compact' template format
git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@634 04377dda-e619-0410-9926-eae83683ac58
Diffstat (limited to 'trunk/templates/vserver-legacy/files/etc/rc.d/rc.ip_forward')
| -rw-r--r-- | trunk/templates/vserver-legacy/files/etc/rc.d/rc.ip_forward | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/trunk/templates/vserver-legacy/files/etc/rc.d/rc.ip_forward b/trunk/templates/vserver-legacy/files/etc/rc.d/rc.ip_forward new file mode 100644 index 0000000..52bd2fe --- /dev/null +++ b/trunk/templates/vserver-legacy/files/etc/rc.d/rc.ip_forward @@ -0,0 +1,64 @@ +#!/bin/sh +# /etc/rc.d/rc.ip_forward: start/stop IP packet forwarding +# +# If you intend to run your Linux box as a router, i.e. as a +# computer that forwards and redistributes network packets, you +# will need to enable IP packet forwarding in your kernel. +# +# To activate IP packet forwarding at boot time, make this +# script executable: chmod 755 /etc/rc.d/rc.ip_forward +# +# To disable IP packet forwarding at boot time, make this +# script non-executable: chmod 644 /etc/rc.d/rc.ip_forward + +# Start IP packet forwarding: +ip_forward_start() { + if [ -f /proc/sys/net/ipv4/ip_forward ]; then + echo "Activating IPv4 packet forwarding." + echo 1 > /proc/sys/net/ipv4/ip_forward + fi + # When using IPv4 packet forwarding, you will also get the + # rp_filter, which automatically rejects incoming packets if the + # routing table entry for their source address doesn't match the + # network interface they're arriving on. This has security + # advantages because it prevents the so-called IP spoofing, + # however it can pose problems if you use asymmetric routing + # (packets from you to a host take a different path than packets + # from that host to you) or if you operate a non-routing host + # which has several IP addresses on different interfaces. To + # turn rp_filter off, uncomment the lines below: + #if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then + # echo "Disabling rp_filter." + # echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter + #fi +} + +# Stop IP packet forwarding: +ip_forward_stop() { + if [ -f /proc/sys/net/ipv4/ip_forward ]; then + echo "Disabling IPv4 packet forwarding." + echo 0 > /proc/sys/net/ipv4/ip_forward + fi +} + +# Restart IP packet forwarding: +ip_forward_restart() { + ip_forward_stop + sleep 1 + ip_forward_start +} + +case "$1" in +'start') + ip_forward_start + ;; +'stop') + ip_forward_stop + ;; +'restart') + ip_forward_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac + |