Imported Upstream version 219

[systemd.git] / man / sysctl.d.5

'\" t
.TH "SYSCTL\&.D" "5" "" "systemd 219" "sysctl.d"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sysctl.d \- Configure kernel parameters at boot
.SH "SYNOPSIS"
.PP
/etc/sysctl\&.d/*\&.conf
.PP
/run/sysctl\&.d/*\&.conf
.PP
/usr/lib/sysctl\&.d/*\&.conf
.SH "DESCRIPTION"
.PP
At boot,
\fBsystemd-sysctl.service\fR(8)
reads configuration files from the above directories to configure
\fBsysctl\fR(8)
kernel parameters\&.
.SH "CONFIGURATION FORMAT"
.PP
The configuration files contain a list of variable assignments, separated by newlines\&. Empty lines and lines whose first non\-whitespace character is
"#"
or
";"
are ignored\&.
.PP
Note that either
"/"
or
"\&."
may be used as separators within sysctl variable names\&. If the first separator is a slash, remaining slashes and dots are left intact\&. If the first separator is a dot, dots and slashes are interchanged\&.
"kernel\&.domainname=foo"
and
"kernel/domainname=foo"
are equivalent and will cause
"foo"
to be written to
/proc/sys/kernel/domainname\&. Either
"net\&.ipv4\&.conf\&.enp3s0/200\&.forwarding"
or
"net/ipv4/conf/enp3s0\&.200/forwarding"
may be used to refer to
/proc/sys/net/ipv4/conf/enp3s0\&.200/forwarding\&.
.PP
The settings configured with
sysctl\&.d
files will be applied early on boot\&. The network interface\-specific options will also be applied individually for each network interface as it shows up in the system\&. (More specifically,
net\&.ipv4\&.conf\&.*,
net\&.ipv6\&.conf\&.*,
net\&.ipv4\&.neigh\&.*
and
net\&.ipv6\&.neigh\&.*)\&.
.PP
Many sysctl parameters only become available when certain kernel modules are loaded\&. Modules are usually loaded on demand, e\&.g\&. when certain hardware is plugged in or network brought up\&. This means that
\fBsystemd-sysctl.service\fR(8)
which runs during early boot will not configure such parameters if they become available after it has run\&. To set such parameters, it is recommended to add an
\fBudev\fR(7)
rule to set those parameters when they become available\&. Alternatively, a slightly simpler and less efficient option is to add the module to
\fBmodules-load.d\fR(5), causing it to be loaded statically before sysctl settings are applied (see example below)\&.
.SH "CONFIGURATION DIRECTORIES AND PRECEDENCE"
.PP
Configuration files are read from directories in
/etc/,
/run/, and
/usr/lib/, in order of precedence\&. Each configuration file in these configuration directories shall be named in the style of
\fIfilename\fR\&.conf\&. Files in
/etc/
override files with the same name in
/run/
and
/usr/lib/\&. Files in
/run/
override files with the same name in
/usr/lib/\&.
.PP
Packages should install their configuration files in
/usr/lib/\&. Files in
/etc/
are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in\&. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence\&. It is recommended to prefix all filenames with a two\-digit number and a dash, to simplify the ordering of the files\&.
.PP
If the administrator wants to disable a configuration file supplied by the vendor, the recommended way is to place a symlink to
/dev/null
in the configuration directory in
/etc/, with the same filename as the vendor configuration file\&.
.SH "EXAMPLES"
.PP
\fBExample\ \&1.\ \&Set kernel YP domain name\fR
.PP
/etc/sysctl\&.d/domain\-name\&.conf:
.sp
.if n \{\
.RS 4
.\}
.nf
kernel\&.domainname=example\&.com
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&2.\ \&Disable packet filter on bridged packets (method one)\fR
.PP
/etc/udev/rules\&.d/99\-bridge\&.rules:
.sp
.if n \{\
.RS 4
.\}
.nf
ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd\-sysctl \-\-prefix=/net/bridge"
.fi
.if n \{\
.RE
.\}
.PP
/etc/sysctl\&.d/bridge\&.conf:
.sp
.if n \{\
.RS 4
.\}
.nf
net\&.bridge\&.bridge\-nf\-call\-ip6tables = 0
net\&.bridge\&.bridge\-nf\-call\-iptables = 0
net\&.bridge\&.bridge\-nf\-call\-arptables = 0
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&3.\ \&Disable packet filter on bridged packets (method two)\fR
.PP
/etc/modules\-load\&.d/bridge\&.conf:
.sp
.if n \{\
.RS 4
.\}
.nf
bridge
.fi
.if n \{\
.RE
.\}
.PP
/etc/sysctl\&.d/bridge\&.conf:
.sp
.if n \{\
.RS 4
.\}
.nf
net\&.bridge\&.bridge\-nf\-call\-ip6tables = 0
net\&.bridge\&.bridge\-nf\-call\-iptables = 0
net\&.bridge\&.bridge\-nf\-call\-arptables = 0
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1),
\fBsystemd-sysctl.service\fR(8),
\fBsystemd-delta\fR(1),
\fBsysctl\fR(8),
\fBsysctl.conf\fR(5),
\fBmodprobe\fR(8)