aboutsummaryrefslogtreecommitdiff
path: root/templates/vserver/files/etc/rc.d/rc.ip_forward
diff options
context:
space:
mode:
Diffstat (limited to 'templates/vserver/files/etc/rc.d/rc.ip_forward')
-rw-r--r--templates/vserver/files/etc/rc.d/rc.ip_forward64
1 files changed, 64 insertions, 0 deletions
diff --git a/templates/vserver/files/etc/rc.d/rc.ip_forward b/templates/vserver/files/etc/rc.d/rc.ip_forward
new file mode 100644
index 0000000..52bd2fe
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.ip_forward
@@ -0,0 +1,64 @@
+#!/bin/sh
+# /etc/rc.d/rc.ip_forward: start/stop IP packet forwarding
+#
+# If you intend to run your Linux box as a router, i.e. as a
+# computer that forwards and redistributes network packets, you
+# will need to enable IP packet forwarding in your kernel.
+#
+# To activate IP packet forwarding at boot time, make this
+# script executable: chmod 755 /etc/rc.d/rc.ip_forward
+#
+# To disable IP packet forwarding at boot time, make this
+# script non-executable: chmod 644 /etc/rc.d/rc.ip_forward
+
+# Start IP packet forwarding:
+ip_forward_start() {
+ if [ -f /proc/sys/net/ipv4/ip_forward ]; then
+ echo "Activating IPv4 packet forwarding."
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ fi
+ # When using IPv4 packet forwarding, you will also get the
+ # rp_filter, which automatically rejects incoming packets if the
+ # routing table entry for their source address doesn't match the
+ # network interface they're arriving on. This has security
+ # advantages because it prevents the so-called IP spoofing,
+ # however it can pose problems if you use asymmetric routing
+ # (packets from you to a host take a different path than packets
+ # from that host to you) or if you operate a non-routing host
+ # which has several IP addresses on different interfaces. To
+ # turn rp_filter off, uncomment the lines below:
+ #if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
+ # echo "Disabling rp_filter."
+ # echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
+ #fi
+}
+
+# Stop IP packet forwarding:
+ip_forward_stop() {
+ if [ -f /proc/sys/net/ipv4/ip_forward ]; then
+ echo "Disabling IPv4 packet forwarding."
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ fi
+}
+
+# Restart IP packet forwarding:
+ip_forward_restart() {
+ ip_forward_stop
+ sleep 1
+ ip_forward_start
+}
+
+case "$1" in
+'start')
+ ip_forward_start
+ ;;
+'stop')
+ ip_forward_stop
+ ;;
+'restart')
+ ip_forward_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 17:26:20 +0000