Manual:IP/Settings: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m →Properties: arp timeout |
||
Line 76: | Line 76: | ||
|default=yes | |default=yes | ||
|desc=Whether to send ICMP redirects. Recommended to be enabled on routers. | |desc=Whether to send ICMP redirects. Recommended to be enabled on routers. | ||
}} | |||
{{Mr-arg-table | |||
|arg=arp-timeout | |||
|type=time interval | |||
|default=30s | |||
|desc=ARP timeout on all interfaces that use ARP. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used. | |||
}} | }} | ||
Revision as of 10:15, 18 September 2013
Applies to RouterOS: v6+
Summary
Sub-menu: /ip settings
IP Settings allows to configure several IP related kernel parameters.
Properties
Property | Description |
---|---|
accept-redirects (yes | no; Default: no) | Whether to accept ICMP redirect messages. Typically should be enabled on host and disabled on routers. |
accept-source-route (yes | no; Default: no) | Whether to accept packets with SRR option. Typically should be enabled on router. |
allow-fast-path (yes | no; Default: yes) | Allows fast path |
ip-forwarding (yes | no; Default: yes) | Emable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers. |
rp_filter (loose | no | strict; Default: no) | Disables enables source validation.
|
secure-redirects (yes | no; Default: yes) | Accept ICMP redirect messages only for gateways, listed in default gateway list. |
send-redirects (yes | no; Default: yes) | Whether to send ICMP redirects. Recommended to be enabled on routers. |
arp-timeout (time interval; Default: 30s) | ARP timeout on all interfaces that use ARP. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used. |
tcp_syncookies (yes | no; Default: no) | Send out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common 'SYN flood attack'. syncookies seriously violate TCP protocol, do not allow o use TCP extensions, can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but your clients and relays, contacting you. |
[ Top | Back to Content ]