.TH "SYSCTL\&.D" "5" "" "systemd 219" "sysctl.d"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.\" disable justification (adjust text to left margin only)
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
sysctl.d \- Configure kernel parameters at boot
/etc/sysctl\&.d/*\&.conf
/run/sysctl\&.d/*\&.conf
/usr/lib/sysctl\&.d/*\&.conf
\fBsystemd-sysctl.service\fR(8)
reads configuration files from the above directories to configure
.SH "CONFIGURATION FORMAT"
The configuration files contain a list of variable assignments, separated by newlines\&. Empty lines and lines whose first non\-whitespace character is
may be used as separators within sysctl variable names\&. If the first separator is a slash, remaining slashes and dots are left intact\&. If the first separator is a dot, dots and slashes are interchanged\&.
"kernel\&.domainname=foo"
"kernel/domainname=foo"
are equivalent and will cause
/proc/sys/kernel/domainname\&. Either
"net\&.ipv4\&.conf\&.enp3s0/200\&.forwarding"
"net/ipv4/conf/enp3s0\&.200/forwarding"
may be used to refer to
/proc/sys/net/ipv4/conf/enp3s0\&.200/forwarding\&.
The settings configured with
files will be applied early on boot\&. The network interface\-specific options will also be applied individually for each network interface as it shows up in the system\&. (More specifically,
net\&.ipv4\&.conf\&.*,
net\&.ipv6\&.conf\&.*,
net\&.ipv4\&.neigh\&.*
net\&.ipv6\&.neigh\&.*)\&.
Many sysctl parameters only become available when certain kernel modules are loaded\&. Modules are usually loaded on demand, e\&.g\&. when certain hardware is plugged in or network brought up\&. This means that
\fBsystemd-sysctl.service\fR(8)
which runs during early boot will not configure such parameters if they become available after it has run\&. To set such parameters, it is recommended to add an
rule to set those parameters when they become available\&. Alternatively, a slightly simpler and less efficient option is to add the module to
\fBmodules-load.d\fR(5), causing it to be loaded statically before sysctl settings are applied (see example below)\&.
.SH "CONFIGURATION DIRECTORIES AND PRECEDENCE"
Configuration files are read from directories in
/usr/lib/, in order of precedence\&. Each configuration file in these configuration directories shall be named in the style of
\fIfilename\fR\&.conf\&. Files in
override files with the same name in
override files with the same name in
Packages should install their configuration files in
are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in\&. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&.
If the administrator wants to disable a configuration file supplied by the vendor, the recommended way is to place a symlink to
in the configuration directory in
/etc/, with the same filename as the vendor configuration file\&.
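The following Python sketch is an added example, not part of the original manual page or of systemd's code. It applies the separator rule from CONFIGURATION FORMAT and the ordering rules of this section to a constructed set of files and reports which file supplies each effective setting. Assumptions: the sample paths and values and the names normalize(), parse() and effective() are illustrative, None stands for a symlink to /dev/null, and # and ; are taken as comment markers.

```python
import os

# Highest priority first, in the order the directories are listed on this page.
DIRS = ["/etc/sysctl.d", "/run/sysctl.d", "/usr/lib/sysctl.d"]

# Constructed sample: path -> file body; None stands for a symlink to /dev/null.
SAMPLE = {
    "/etc/sysctl.d/10-harden.conf": "# local policy\nkernel.dmesg_restrict = 1\n",
    "/usr/lib/sysctl.d/90-vendor.conf": "kernel/dmesg_restrict = 0\n",
    "/usr/lib/sysctl.d/50-net.conf": "net.ipv4.ip_forward = 1\n",
    "/etc/sysctl.d/50-net.conf": None,
    "/run/sysctl.d/60-if.conf": "net.ipv4.conf.enp3s0/200.forwarding = 0\n",
}

def normalize(key):
    """Return the path below /proc/sys that a variable name refers to."""
    first = next((c for c in key if c in "./"), None)
    if first == ".":
        # First separator is a dot: dots and slashes are interchanged.
        key = key.translate(str.maketrans("./", "/."))
    return key  # first separator is a slash (or none): left intact

def parse(text):
    """Yield (normalized_key, value) for every assignment in a file body."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield normalize(key.strip()), value.strip()

def effective(files):
    """Map each normalized key to (value, path of the file that wins)."""
    chosen = {}
    for d in reversed(DIRS):  # lowest priority first, higher ones overwrite
        for path, body in files.items():
            if os.path.dirname(path) == d and path.endswith(".conf"):
                chosen[os.path.basename(path)] = (path, body)
    settings = {}
    for name in sorted(chosen):  # filename order, whatever the directory
        path, body = chosen[name]
        if body is not None:  # a masked file contributes nothing
            for key, value in parse(body):
                settings[key] = (value, path)  # later filename wins
    return settings

if __name__ == "__main__":
    for key, (value, path) in sorted(effective(SAMPLE).items()):
        print(f"/proc/sys/{key} = {value}   (from {path})")
```

In the sample, the value set in /etc/sysctl.d/10-harden.conf loses to /usr/lib/sysctl.d/90-vendor.conf, because the directory only matters between files of the same name and the filename alone decides the order.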
\fBExample\ \&1.\ \&Set kernel YP domain name\fR
/etc/sysctl\&.d/domain\-name\&.conf:
kernel\&.domainname=example\&.com
\fBExample\ \&2.\ \&Disable packet filter on bridged packets (method one)\fR
/etc/udev/rules\&.d/99\-bridge\&.rules:
ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd\-sysctl \-\-prefix=/net/bridge"
/etc/sysctl\&.d/bridge\&.conf:
net\&.bridge\&.bridge\-nf\-call\-ip6tables = 0
net\&.bridge\&.bridge\-nf\-call\-iptables = 0
net\&.bridge\&.bridge\-nf\-call\-arptables = 0
\fBExample\ \&3.\ \&Disable packet filter on bridged packets (method two)\fR
/etc/modules\-load\&.d/bridge\&.conf:
/etc/sysctl\&.d/bridge\&.conf:
net\&.bridge\&.bridge\-nf\-call\-ip6tables = 0
net\&.bridge\&.bridge\-nf\-call\-iptables = 0
net\&.bridge\&.bridge\-nf\-call\-arptables = 0
\fBsystemd-sysctl.service\fR(8),
\fBsystemd-delta\fR(1),
\fBsysctl.conf\fR(5),