On Sun, Oct 02, 2005 at 09:29:35AM +0200, Marc Haber wrote: > Especially in the case of spoofprotect, since sysctl doesn't seem to > expand wildcards in /etc/sysctl.conf and thus the naive approach of > writing "net/ipv4/conf/*/rp_filter=1" in /etc/sysctl.conf doesn't work.
Ah, thanks for that, I forgot to comment it :) *Usually* it's sufficient to set net/ipv4/conf/all/rp_filter and net/ipv4/conf/default/rp_filter because there are no interfaces configured when rcS.d/S30procps.sh is called (and thus no other subdirectories exist in conf/). There is one case where I don't know if it's sufficient: when you have / on nfs you need to configure at least one interface at kernel boot. regards Mario -- () Ascii Ribbon Campaign /\ Support plain text e-mail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
