SYSCTL
SYSCTL.D
NAMESYNOPSIS
æè¿°
éç½®æä»¶æ ¼å¼
éç½®ç®å½åå¶ä¼å级
ä¾å
åè§
NOTES
è·
NAME
sysctl.d - å¨å¯å¨æ¶éç½®åæ ¸åæ°
SYNOPSIS
/etc/sysctl.d/*.conf
/run/sysctl.d/*.conf
/usr/lib/sysctl.d/*.conf
æè¿°
å¨ç³»ç»å¯å¨æ¶ï¼ systemd-sysctl.service(8) æ ¹æ®ä¸é¢ååºçéç½®æ件设置 sysctl(8) [1] åæ ¸åæ°ã
éç½®æä»¶æ ¼å¼
éç½®æ件çæ ¼å¼æ¯ ä¸ç³»å"KEY=VALUE"è¡(æ¯è¡ä¸å¯¹)ã 空è¡ä»¥å以 "#" æ ";" å¼å¤´çè¡é½å°è¢«å¿½ç¥ã
注æï¼å¨KEYåé¨ï¼å¯ä»¥ä½¿ç¨ "/" æ "." ä½ä¸ºåé符ã å¦æ第ä¸ä¸ªåéç¬¦æ¯ "/" ï¼ é£ä¹å¶ä½çåé符å°ä¿æåæ ·ï¼ å¦æ第ä¸ä¸ªåéç¬¦æ¯ "." ï¼é£ä¹äºæ¢ææç "/" ä¸ "." ï¼ ä¾å¦ï¼"kernel.domainname=foo" çä»·äº "kernel/domainname=foo" ï¼é½ä¼å° "foo" åå¥ /proc/sys/kernel/domainname åæ°ä¸ã åæ ·çï¼"net.ipv4.conf.enp3s0/200.forwarding" çä»·äº "net/ipv4/conf/enp3s0.200/forwarding" ï¼ é½æ¯æ /proc/sys/net/ipv4/conf/enp3s0.200/forwarding åæ°ã
sysctl.d/ ä¸ç设置å°å¨ç³»ç»å¯å¨çæ©æ被åºç¨ã é对ç½ç»æ¥å£çéç½®ï¼ åä¼å¨å¯¹åºçç½ç»æ¥å£åºç°çæ¶å被åºç¨ï¼ å·ä½è¯´æ¥å°±æ¯ net.ipv4.conf.*, net.ipv6.conf.*, net.ipv4.neigh.*, net.ipv6.neigh.* åæ°ã
è®¸å¤ sysctl åæ°ä»å¨å è½½ç¸åºçåæ ¸æ¨¡åä¹åæå¯ç¨ã å 为åæ ¸æ¨¡åæ¯æéå¨æå è½½ç (ä¾å¦å¨æå¥æ°ç¡¬ä»¶æå¯å¨ç½ç»æ¶)ï¼ æ以å¨ç³»ç»å¯å¨æ©æè¿è¡ç systemd-sysctl.service(8) æ æ³è®¾ç½®é£äºä¾èµäºç¹å®åæ ¸æ¨¡åçåæ°ã 对äºè¿äºåæ°ï¼ é¦éçæ¹æ³æ¯éè¿ udev(7) è§åæ¥è®¾ç½®ï¼ 次éçæ¹æ³æ¯å°è¿äºæ¨¡åæ·»å å° modules-load.d(5) ä¸ï¼ å 为 modules-load.d(5) ä¸ç模åä¼å¨è¿è¡ systemd-sysctl.service(8) å被æ æ¡ä»¶çéæå è½½(åè§"ä¾å"å°è)ã
éç½®ç®å½åå¶ä¼å级
éç½®æ件ä¾æ¬¡ä» /etc/, /run/, /usr/lib/ ç®å½ä¸è¯»åã éç½®æ件çå称å¿é¡»ç¬¦å filename.conf æ ¼å¼ã 对äºä¸åç®å½ä¸çååéç½®æ件ï¼ä»ä»¥ä¼å级æé«çç®å½ä¸çé£ä¸ä¸ªä¸ºåã å·ä½è¯´æ¥å°±æ¯ï¼ /etc/ çä¼å级æé«ã /run/ çä¼å级å±ä¸ã /usr/lib/ çä¼å级æä½ã
软件ååºè¯¥å°èªå¸¦çéç½®æ件å®è£å¨ /usr/lib/ ç®å½ä¸ã /etc/ ç®å½ä»ä¾ç³»ç»ç®¡çå使ç¨ã ææçéç½®æ件(æ 论ä½äºåªä¸ªç®å½ä¸- )ï¼ç»ä¸æç§æ件åçåå¸é¡ºåºå¤çã å¦æå¨å¤ä¸ªéç½®æ件ä¸è®¾ç½®äºåä¸ä¸ªéé¡¹ï¼ é£ä¹ä»ä»¥æ件åæé å(åå¸é¡ºåº)çé£ä¸ä¸ªä¸ºåã 为äºä¾¿äºæåºï¼å»ºè®®ç»ææéç½®æ件 é½å ä¸ä¸¤ä½åè¿å¶æ°åçæ件ååç¼ã
å¦æç³»ç»ç®¡çåæ³è¦å±è½ /usr/lib/ ç®å½ä¸çæ个éç½®æä»¶ï¼ é£ä¹æä½³åæ³æ¯å¨ /etc/ ç®å½ä¸ å建ä¸ä¸ªæå /dev/null çåå符å·é¾æ¥ï¼ å³å¯å½»åºå±è½ /usr/lib/ ç®å½ä¸çååæ件ã å¦æ软件åèªå¸¦çæ个éç½®æ件ä½äº initrd éåä¸ï¼ é£ä¹è¿å¿é¡»éæ°çæ initrd éåã
ä¾å
Example 1. 设置åæ ¸YPåå
/etc/sysctl.d/domain-name.conf:
kernel.domainname=example.com
Example 2. å©ç¨udevè§å设置å¨æåæ ¸æ¨¡åçåæ°(æ¹æ³ä¸)
/etc/udev/rules.d/99-bridge.rules:
ACTION=="add",
SUBSYSTEM=="module",
KERNEL=="br_netfilter", \
RUN+="/usr/lib/systemd/systemd-sysctl
--prefix=/net/bridge"
/etc/sysctl.d/bridge.conf:
net.bridge.bridge-nf-call-ip6tables
= 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
å 为æ¤æ¹æ³å¨å 载模åçåæ¶è®¾ç½®æ¨¡åçåæ°ï¼ æ以ä»å¨å è½½ br_netfilter 模åä¹åæè½è¿æ»¤æ¡¥æ¥åï¼ è¥ä¸æ³è¿æ»¤æ¡¥æ¥åï¼ åªè¦ä¸å è½½ br_netfilter 模åå³å¯ã
Example 3. å©ç¨ modules-load.d ç®å½è®¾ç½®å¨æåæ ¸æ¨¡åçåæ°(æ¹æ³äº)
/etc/modules-load.d/bridge.conf:
br_netfilter
/etc/sysctl.d/bridge.conf:
net.bridge.bridge-nf-call-ip6tables
= 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
å 为æ¤æ¹æ³æ»æ¯æ æ¡ä»¶çå è½½ br_netfilter 模åï¼ å¹¶ä¸æ»æ¯æ æ¡ä»¶ç设置模åçåæ°ï¼ æ以æ»æ¯æ æ¡ä»¶çè¿æ»¤æ¡¥æ¥åï¼è¥ä¸æ³è¿æ»¤æ¡¥æ¥åï¼ å¿é¡»ä¸»å¨å¸è½½ br_netfilter 模åã
åè§
systemd(1), systemd-sysctl.service(8), systemd-delta(1), sysctl(8) [1] , sysctl.conf(5), modprobe(8)
NOTES
|
1. |
sysctl(8) |
[set $man.base.url.for.relative.links]//man/sysctl.html
è·
æ¬é¡µé¢ä¸æçç±ä¸æ man æå页计åæä¾ã
ç¿»è¯äººåï¼éæ¥å½
éæ¥å½ä½åéï¼http://www.jinbuguo.com
ä¸æ man
æå页计åï¼https://github.com/man-pages-zh/manpages-zh