[PLUG] Another network problem

AthlonRob AthlonRob at axpr.net
Sun Dec 21 19:02:01 UTC 2003


On Sun, 2003-12-21 at 18:10, Paul Heinlein wrote:
> On Sun, 21 Dec 2003, AthlonRob wrote:
> 
> > >      /sbin/sysctl net.ipv4.ip_forward
> >
> > Interesting... why not, I wonder, just cat
> > /proc/sys/net/ipv4/ip_forward ?
> 
> I've been trying to train myself to use the /sbin/sysctl interface
> rather than script directly into /proc. Admittedly, it's a matter of
> style, not substance. My gut feeling is that it'll protect me from
> myself, esp.  when doing writes.

Cool... I hadn't used it before, I've always just played directly with
proc.

> Plus, I tend to use 'sysctl -a' when trying to remember exactly where
> something is in /proc, e.g.,

Yeah, I usually just grep a script I know plays with it...

rob at linuxbox:~$ grep forward /etc/rc.d/rc.firewall
#   a hostname followed by the list of ports which will be forwarded
# Local ports to be forwarded back to other local ports, coming from
IPFWD="/proc/sys/net/ipv4/ip_forward"   # kernel's IP forwarding control
echo "Disabling IP forwarding for safety"
echo 0 > $IPFWD         # disable forwarding for safety, enabled below
echo "Re-enabling IP forwarding"
echo 1 > $IPFWD                 # forwarding is safe now
    echo "All port forwarding done."
  echo "Port forwarding to host $HOST"

And there we are, the third line.  :-)

sysctl -a sounds like more fun, though... maybe I'll rewrite my firewall
script again to take advantage of it.

> There it is, the last one! It keeps me from spelunking through /proc.
> It's not a hard-and-fast thing, just an inclination.

Seems cleaner than running find in proc.

Rob
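
An added example, not part of the original thread and not taken from the rc.firewall quoted above: a shell sketch of the two ideas discussed here, addressing ip_forward by its sysctl-style key with guarded writes, and keeping forwarding off until the firewall rules have loaded. The function names and the overridable PROC_SYS variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sysctl-style access to ip_forward with guarded writes.
# PROC_SYS is overridable (an assumption of this sketch) so the functions
# can be exercised against a scratch directory instead of the live kernel.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Map a dotted key to its file under $PROC_SYS using the basic sysctl
# naming rule: net.ipv4.ip_forward -> net/ipv4/ip_forward.
key_to_path() {
    case "$1" in
        ""|*/*|.*|*..*|*.) return 1 ;;   # refuse path-like or malformed keys
    esac
    printf '%s/%s\n' "$PROC_SYS" "$(printf '%s' "$1" | tr . /)"
}

# Read a key; fails if the key is malformed or its file is unreadable.
get_key() {
    path=$(key_to_path "$1") || return 1
    [ -r "$path" ] && cat "$path"
}

# Write a boolean key only if the key exists and the value is 0 or 1,
# naming the key on failure instead of leaving a bare redirect error.
set_bool_key() {
    path=$(key_to_path "$1") || return 1
    case "$2" in 0|1) ;; *) echo "refusing value '$2' for $1" >&2; return 1 ;; esac
    [ -f "$path" ] && [ -w "$path" ] || { echo "no such key: $1" >&2; return 1; }
    printf '%s\n' "$2" > "$path"
}

# The pattern from the quoted script: forwarding off while rules load,
# back on only if the loader succeeded. "$@" is the rule-loading command
# (hypothetical; supply your own).
load_rules_safely() {
    set_bool_key net.ipv4.ip_forward 0 || return 1
    "$@" || { echo "rule load failed; forwarding left disabled" >&2; return 1; }
    set_bool_key net.ipv4.ip_forward 1
}
```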




