firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix errors setting '/proc/sys/net/ipv4/ip_dynaddr'.

Browse Source
This commit is contained in:
Christoph
2026-03-15 13:10:15 +01:00
parent e75665808e
commit 1ca7a6bf43
3 changed files with 47 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
conf/default_basic_behavior.conf
View File

@@ -62,7 +62,7 @@ allow_speedtest=true
# Gaming
#
# Playstation (PS), Xbox, FiFa
#
#
allow_game_xbox_one_out=false
allow_game_xbox_360_out=false
allow_game_ps3_out=false
@@ -82,10 +82,10 @@ allow_game_call_of_duty=false
# - Services allowed between local networks
# ---
# - These Parameters are only considered, if traffic
# - between local networks are not permitted, thats
# - These Parameters are only considered, if traffic
# - between local networks are not permitted, thats
# - if 'permit_between_local_networks=false' (see below).
# -
# -
allow_ssh_between_local_nets=true
allow_samba_between_local_nets=false
allow_ldap_between_local_nets=false
@@ -116,8 +116,8 @@ permit_all_icmp_traffic=true
# -
provide_mailservice_from_local=true
# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks.
# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP,
# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks.
# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP,
# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
# -
create_iperf_rules=false
@@ -128,6 +128,38 @@ create_iperf_rules=false
# --- Router IPv4
# =============
# - Activate forwarding
# -
# - Enable/disable forwarding to and between interfaces
# -
kernel_activate_forwarding=true
# - Activate kernel support for dynamic IP adresses
# - (not needed in case of static IP)
# -
# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
# -
# - The values for the ip_dynaddr sysctl are [*]:
# -
# - 1: To enable:
# - 2: To enable verbosity:
# -
# - [*] At boot, by default no address rewriting is attempted.
# - [**] This code is currently totaly untested.
# -
# - Flags can be combined by adding them. Common settings
# - would be:
# -
# - To enable rewriting in quiet mode:
# - # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# - To enable rewriting in verbose mode:
# - # echo 2 > /proc/sys/net/ipv4/ip_dynaddr
# - ...
# -
kernel_support_dynaddr=true
default_dynaddr_flag=2
# - Set to "true" to secure/tune the kernel
# -
adjust_kernel_parameters=true

2
conf/main_ipv4.conf.sample
View File

@@ -1989,7 +1989,7 @@ kernel_activate_forwarding=true
# - ...
# -
kernel_support_dynaddr=true
dynaddr_flag="3"
dynaddr_flag="$default_dynaddr_flag"
# - Reduce DoS'ing ability by reducing timeouts
# -

9
ipt-firewall-gateway
View File

@@ -156,13 +156,20 @@ else
echo_done
fi
if [[ -z "$dynaddr_flag" ]] ; then
dynaddr_flag=$default_dynaddr_flag
fi
if $kernel_support_dynaddr ; then
echononl "\tActivate kernel support for dynamic addresses.."
if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-3]+$ ]]; then
echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
echo_done
else
echo_failed
echononl "\t\tSet '/proc/sys/net/ipv4/ip_dynaddr' to '2'"
echo 2 > /proc/sys/net/ipv4/ip_dynaddr
echo_done
fi
else
echo 0 > /proc/sys/net/ipv4/ip_dynaddr