Difference between revisions of "Manual:IP/Settings"
Jump to navigation Jump to search
|Line 49:||Line 49:|
|desc=on all interfaces that use ARP. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used.
Revision as of 07:32, 23 April 2020
IP Settings allows to configure several IP related kernel parameters.
|accept-redirects (yes | no; Default: no)||Whether to accept ICMP redirect messages. Typically should be enabled on host and disabled on routers.|
|accept-source-route (yes | no; Default: no)||Whether to accept packets with SRR option. Typically should be enabled on router.|
|allow-fast-path (yes | no; Default: yes)||Allows fast path|
|arp-timeout (time interval; Default: 30s)||Sets Linux base_reachable_time(base_reachable_time_ms) on all interfaces that use ARP. This parameter indicates how long ARP entry will be valid after neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used. Parameter DOES NOT represent a time when ARP entry is removed from ARP cache.|
|icmp-rate-limit (integer [0..4294967295]; Default: 10)||Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 to disable any limiting, otherwise the minimum space between responses in milliseconds.|
|icmp-rate-mask ([0..FFFFFFFF]; Default: 0x1818)||Mask made of ICMP types for which rates are being limited. More info in linux man pages|
|ip-forward (yes | no; Default: yes)||Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.|
|rp-filter (loose | no | strict; Default: no)||Disables enables source validation.
|secure-redirects (yes | no; Default: yes)||Accept ICMP redirect messages only for gateways, listed in default gateway list.|
|send-redirects (yes | no; Default: yes)||Whether to send ICMP redirects. Recommended to be enabled on routers.|
|tcp-syncookies (yes | no; Default: no)||Send out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common 'SYN flood attack'. syncookies seriously violate TCP protocol, do not allow o use TCP extensions, can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but your clients and relays, contacting you.|
|max-neighbor-entries (integer [0..2147483647]; Default: )||Maximum number of allowed neighbors in ARP table.|
|route-cache (yes | no; Default: yes)||Disable or enable Linux route cache. Note that by disabling route cache, it will also disable fast path.|
|ipv4-fast-path-active (yes | no)||Indicates whether fast-path is active|
|ipv4-fast-path-bytes (integer)||Amount of fast-pathed bytes|
|ipv4-fast-path-packets (integer)||Amount of fast-pathed packets|
|ipv4-fasttrack-active (yes | no)||Indicates whether fasttrack is active|
|ipv4-fasttrack-bytes (integer)||Amount of fasttracked bytes|
|ipv4-fasttrack-packets (integer)||Amount of fasttracked packet.|