Manual:IP/Settings: Difference between revisions
Jump to navigation
Jump to search
Line 47: | Line 47: | ||
{{Mr-arg-table | {{Mr-arg-table | ||
|arg=arp-timeout | |arg=arp-timeout | ||
|type=time | |type=time interval | ||
|default=30s | |default=30s | ||
|desc= | |desc=ARP timeout on all interfaces that use ARP. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used. | ||
}} | }} | ||
Line 83: | Line 83: | ||
|default=yes | |default=yes | ||
|desc=Whether to send ICMP redirects. Recommended to be enabled on routers. | |desc=Whether to send ICMP redirects. Recommended to be enabled on routers. | ||
}} | }} | ||
Revision as of 13:18, 5 December 2013
Applies to RouterOS: v6+
Summary
Sub-menu: /ip settings
IP Settings allows to configure several IP related kernel parameters.
Properties
Property | Description |
---|---|
accept-redirects (yes | no; Default: no) | Whether to accept ICMP redirect messages. Typically should be enabled on host and disabled on routers. |
accept-source-route (yes | no; Default: no) | Whether to accept packets with SRR option. Typically should be enabled on router. |
allow-fast-path (yes | no; Default: yes) | Allows fast path |
arp-timeout (time interval; Default: 30s) | ARP timeout on all interfaces that use ARP. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used. |
ip-forwarding (yes | no; Default: yes) | Emable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers. |
rp_filter (loose | no | strict; Default: no) | Disables enables source validation.
|
secure-redirects (yes | no; Default: yes) | Accept ICMP redirect messages only for gateways, listed in default gateway list. |
send-redirects (yes | no; Default: yes) | Whether to send ICMP redirects. Recommended to be enabled on routers. |
tcp_syncookies (yes | no; Default: no) | Send out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common 'SYN flood attack'. syncookies seriously violate TCP protocol, do not allow o use TCP extensions, can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but your clients and relays, contacting you. |
[ Top | Back to Content ]