Difference between revisions of "Manual:IP/Settings"
Jump to navigation Jump to search
|Line 1:||Line 1:|
Latest revision as of 08:05, 17 January 2022
IP Settings allows to configure several IP related kernel parameters.
|accept-redirects (yes | no; Default: no)||Whether to accept ICMP redirect messages. Typically should be enabled on host and disabled on routers.|
|accept-source-route (yes | no; Default: no)||Whether to accept packets with SRR option. Typically should be enabled on router.|
|allow-fast-path (yes | no; Default: yes)||Allows fast path|
|arp-timeout (time interval; Default: 30s)||Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. Initial validity of ARP entry is picked from interval [timeout/2..3*timeout/2] (default from 15s to 45s) after neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours or days. if no postfix is set then seconds (s) is used. Parameter DOES NOT represent a time when ARP entry is removed from ARP cache, ARP cache entries can be stored in the cache for up to 10minutes if reference in route cache is created.|
|icmp-rate-limit (integer [0..4294967295]; Default: 10)||Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 to disable any limiting, otherwise the minimum space between responses in milliseconds.|
|icmp-rate-mask ([0..FFFFFFFF]; Default: 0x1818)||Mask made of ICMP types for which rates are being limited. More info in linux man pages|
|ip-forward (yes | no; Default: yes)||Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.|
|rp-filter (loose | no | strict; Default: no)||Disables enables source validation.
|secure-redirects (yes | no; Default: yes)||Accept ICMP redirect messages only for gateways, listed in default gateway list.|
|send-redirects (yes | no; Default: yes)||Whether to send ICMP redirects. Recommended to be enabled on routers.|
|tcp-syncookies (yes | no; Default: no)||Send out syncookies when the syn backlog queue of a socket overflows. This is to prevent against the common 'SYN flood attack'. syncookies seriously violate TCP protocol, do not allow o use TCP extensions, can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but your clients and relays, contacting you.|
|max-neighbor-entries (integer [0..2147483647]; Default: )||Maximum number of allowed neighbors in ARP table.|
|route-cache (yes | no; Default: yes)||Disable or enable Linux route cache. Note that by disabling route cache, it will also disable fast path.|
|ipv4-fast-path-active (yes | no)||Indicates whether fast-path is active|
|ipv4-fast-path-bytes (integer)||Amount of fast-pathed bytes|
|ipv4-fast-path-packets (integer)||Amount of fast-pathed packets|
|ipv4-fasttrack-active (yes | no)||Indicates whether fasttrack is active|
|ipv4-fasttrack-bytes (integer)||Amount of fasttracked bytes|
|ipv4-fasttrack-packets (integer)||Amount of fasttracked packet.|