On Fri, May 15, 2015 at 12:18 PM, Lennart Poettering
<[email protected]> wrote:
> On Fri, 15.05.15 12:08, Nick Owens ([email protected]) wrote:
>
>> In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
>> to set forwarding flags on interfaces in .network files. networkd sets
>> forwarding options regardless of the previous setting, even if it was
>> set by e.g. sysctl. This commit makes IPForwarding not change forwarding
>> settings, so that systems using sysctl continue to work even if
>> IPForwarding is unset in their .network files.
>>
>> See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
>> bug report.
>
> I think there should be an explicit way to enable the "kernel default
> mode", i.e. the parser for this one option should consider a special
> value "kernel" or so to explicitly ask for the kernel default.
>
> I'd still prefer if we'd default to ip forwarding off, rather than ip
> forwarding as kernel default, for security reasons.

Well, in CoreOS we *have* to use the kernel default if the value is
unset, there simply is no way to safely upgrade existing systems to
the new configuration scheme from the old sysctl one. The semantics of
the two are too different. Even if there was a reasonable translation,
we are not in the business of modifying user configs.
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
