On Fri, 15 Apr 2022 at 09:23, [email protected] <[email protected]> wrote:
> > This is indeed a bug:
> >
> > 14006 ipv4-routing should not be enabled by default
> > https://www.illumos.org/issues/14006
>
> Should ipv4-routing not be enabled or should it not be installed as part of
> the 'minimal' server type?

Whether it is installed or not, the routing setup service should not have a special case like it does today that tries to guess at whether or not this daemon should be enabled. The operator should be required to turn it on explicitly via routeadm, or potentially via SMF.

> https://www.illumos.org/issues/8587

Ah, that is indeed effectively a duplicate of #14006, but with a less crisp description. I've closed that one out in favour of 14006.

> I am not sure there is a bug here. Also I'd say that this is not really an
> installer bug.

There is definitely a bug, and yes, it's not an installer bug. It's a bug in the machinery behind routeadm and routing setup in the core of the OS.

> I am writing 'problem' between quotes as it is unclear to me that it is
> really a problem, although from a 'disabling unnecessary daemons'
> perspective (hardening) it could be considered a problem, but thanks to IPS
> packaging easy to uninstall/fix.

It definitely is a problem. Enabling the routing daemon may cause the system to uncritically consume routes sent from remote hosts, and at a minimum will unhelpfully adjust the routing table in some cases.

The service should be able to be installed without being enabled, as it is today, by guessing at the operator intent by looking at the current (dynamic!) state of the network stack and configuration. Whether to include it by default in newly installed systems seems more of a distribution-level question, but unrelated to how it works when it is installed.

Cheers.

--
Joshua M. Clulow
http://blog.sysmgr.org

_______________________________________________
openindiana-discuss mailing list
[email protected]
https://openindiana.org/mailman/listinfo/openindiana-discuss
