Linux sysctl.conf settings lost after reboot

2018-03-25 16:11:01 +08:00
 liangzi

Before posting I searched online for related articles but still couldn't get it working

Host: openSUSE 42.3

The modified content is as follows

cat -n /etc/sysctl.conf | tail -n 5
    22  # net.ipv6.conf.all.disable_ipv6 = 1
    23  kernel.sysrq = 0
    24  net.ipv4.ip_forward = 1
    25  net.ipv4.tcp_syncookies = 1
    26  net.ipv6.conf.all.forwarding = 0

Lost after reboot

Then I used

sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

Then

sudo sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0

Still lost after reboot

After that I added the following to /etc/init.d/boot.local

/sbin/sysctl -e -p /etc/sysctl.conf

Rebooting still failed

If anyone knows how this should be changed, please let me know. Thanks~

30 replies
fangdingjun
2018-03-25 16:55:39 +08:00
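Take a look at the system startup scripts; one of them may be reverting those settings.
Most likely it's one of the scripts that bring up the network.

boot.local runs very early in the boot order.
You need to find a script that runs last and run that command from there.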
xfspace
2018-03-25 17:02:00 +08:00
systemctl status systemd-sysctl.service
expy
2018-03-25 17:28:25 +08:00
Could it be a path problem? From https://wiki.archlinux.org/index.php/sysctl
>Note: From version 207 and 21x, systemd only applies settings from /etc/sysctl.d/*.conf and /usr/lib/sysctl.d/*.conf. If you had customized /etc/sysctl.conf, you need to rename it as /etc/sysctl.d/99-sysctl.conf. If you had e.g. /etc/sysctl.d/foo, you need to rename it to /etc/sysctl.d/foo.conf.
liangzi
2018-03-25 18:56:46 +08:00
@fangdingjun Thanks for the reply, I'll look into it

@xfspace systemctl status systemd-sysctl.service outputs the following:
日 3 月 25|18:53|0:>systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d
└─50-kernel-uname_r.conf
Active: active (exited) since 日 2018-03-25 15:53:46 CST; 3h 0min ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Process: 447 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
Process: 437 ExecStartPre=/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-%v (code=exited, status=0/SUCCESS)
Main PID: 447 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
CGroup: /system.slice/systemd-sysctl.service

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
liangzi
2018-03-25 19:06:45 +08:00
@expy My system does have this file in /etc/sysctl.d/, but it still points to the config file in the parent directory
lrwxrwxrwx 1 root root 16 10 月 30 2015 99-sysctl.conf -> /etc/sysctl.conf
defunct9
2018-03-25 19:07:04 +08:00
Open up ssh and let me log in and take a look
f2f2f
2018-03-25 19:21:23 +08:00
I don't recommend modifying sysctl.conf; you can create a local.conf under /sysctl.d/ and put the settings in there
liangzi
2018-03-25 19:34:33 +08:00
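@defunct9 The SSH service starts at boot, but I've blocked the port
Also, I've denied sshd in /etc/hosts.deny
Also, just now after sudo systemctl enable systemd-sysctl.service
I rebooted and did not get the expected result
sudo systemctl list-unit-files | grep 'enable' does not show this service as starting at boot. Did I enable it wrong?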
liangzi
2018-03-25 19:35:11 +08:00
@f2f2f I'll try it, thanks
liangzi
2018-03-25 19:57:25 +08:00
@f2f2f Is this the right way to configure it?
cd /etc/sysctl.d/
sudo cp ../sysctl.conf ./local.conf
sudo mv local.conf 50-locla.conf
sudo vim /etc/init.d/boot.local
Still doesn't work after reboot....
xAx
2018-03-25 20:19:43 +08:00
# vim /etc/sysctl.d/99-sysctl.conf

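I'm not familiar with openSUSE, but I've run into several distributions that have already moved sysctl.conf away, and it gets reverted automatically on reboot, just like resolve.conf used to be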
liangzi
2018-03-25 20:33:39 +08:00
@xAx resolve.conf can be handled with chmod attr +i
f2f2f
2018-03-25 22:35:27 +08:00
@liangzi Try running sysctl --system?
tomychen
2018-03-25 23:38:31 +08:00
Since systemd, I feel like I don't know how to use Linux anymore :-(
YanwenSun
2018-03-25 23:45:19 +08:00
Could sysctl.conf be in the initrd? Try rebuilding the initrd after making the change
Beebird
2018-03-26 00:16:38 +08:00
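Could there be a conflicting setting for the variable somewhere else?
Try grep -R 'net.ipv4.ip_forward' /etc/ and see?
/sbin/sysctl -e -p /etc/sysctl.conf isn't necessary either...

Also, there's no need to reboot; first see whether systemctl restart systemd-sysctl.service can load the kernel parameters.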
wwhc
2018-03-26 00:22:44 +08:00
This was discussed a few years ago:
The SuSeFirewall service overwrites network related sysctl settings. I suppose this is a bug. Do you know if there is a way to tell the firewall scripts to leave untouched sysctl parameters ?
I had a look to SuSeFirewall yast graphic configuration mask and to /etc/sysconfig/SuSEFirewall* files, without any success.

Is someone of you so kind to do a very simple test just to double check if this behavior is common to all 12.2 installations and it's not related someway with my particular configuration. ?

The test could be very simple:
1) modify something network related using /etc/sysctl.conf, for example add some lines like this:
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.br0.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
Please note that the value you are modifying must be different from kernel default
2) enable SuSEFirewall service
3) reboot
4) verify that your modifications are reverted to default

cat /proc/sys/net/ipv4/conf/eth0/log_martians
1

5) disable SuSEFirewall service
6) reboot
7) verify that your modifications are in place

cat /proc/sys/net/ipv4/conf/eth0/log_martians
0

It was not a bug! the FW_KERNEL_SECURITY parameter in /etc/sysconfig/ allows you to stop SuSeFirewall from automatically setting several sysctl network related parameters.

https://forums.opensuse.org/showthread.php/483021-networking-settings-in-sysctl-conf-not-applyed-or-overwritten
liangzi
2018-03-26 06:37:33 +08:00
@wwhc File: /etc/sysconfig/SuSEfirewall2.rpmnew
Possible values: yes, no
Description:

Do you want to enable additional kernel TCP/IP security features?
If set to yes, some obscure kernel options are set.
(log_martians, rp_filter, routing flush, accept_source_route)

If you have configured one of these settings in /etc/sysctl.conf then
SuSEfirewall2 won't apply any different value to allow you to override some
of these settings to your liking. Also see FW_SYSCTL_DIRS.

Tip: Set this to "no" until you have verified that you have got a
configuration which works for you. Then set this to "yes" and keep it
if everything still works. (It should!) ;-)

Choice: "yes" or "no", if not set defaults to "yes"
The hint shown here says: if not set defaults to "yes"
liangzi
2018-03-26 06:44:32 +08:00
@f2f2f
After running sudo /sbin/sysctl -p/etc/sysctl.conf
I restarted the service
sudo systemctl restart systemd-sysctl.service
cat /proc/sys/net/ipv4/ip_forward
1
Up to here the setting works
-------------------------------------------------
Rebooted the system:
Ran
一 3 月 26|06:39|0:>cat /proc/sys/net/ipv4/ip_forward
0
And here it failed again
~
一 3 月 26|06:39|0:>sudo sysctl --system
[sudo] xuan 的密码:
* Applying /boot/sysctl.conf-4.4.120-45-default ...
kernel.hung_task_timeout_secs = 0
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmmax = 0xffffffffffffffff
kernel.shmall = 0x0fffffffffffff00
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv6.conf.default.use_tempaddr = 1
fs.inotify.max_user_watches = 65536
kernel.sysrq = 184
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
* Applying /etc/sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
~
一 3 月 26|06:40|0:>cat /proc/sys/net/ipv4/ip_forward
1
liangzi
2018-03-26 06:46:40 +08:00
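@YanwenSun I haven't rebuilt the boot setup. The problem now is that I don't know where exactly the cause is: why does the change take effect after restarting the service, but fail after rebooting the system
@Beebird I don't know whether other variables actually affect this change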
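
Added example, not part of the thread and not any poster's code: a shell sketch of the check the replies converge on. It works out which file's value for a key wins, using the file order visible in the `sysctl --system` output above, and compares that with the kernel's live value; a mismatch after boot means something wrote the key after the files were applied. The function names and the ROOT prefix are hypothetical, and it assumes single-valued keys.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. ROOT is a hypothetical path
# prefix ("" = the live system) so the logic can run on a constructed tree.

# List config files in the order of the `sysctl --system` output quoted above:
# sysctl.d files sorted by name (an /etc file shadows a same-named /usr/lib
# file), then /etc/sysctl.conf. /boot and /run are left out of this sketch.
list_files() {
    for f in "$1"/usr/lib/sysctl.d/*.conf "$1"/etc/sysctl.d/*.conf; do
        case $f in "$1"/etc/*) prio=2 ;; *) prio=1 ;; esac
        if [ -f "$f" ]; then printf '%s\t%s\t%s\n' "${f##*/}" "$prio" "$f"; fi
    done | sort -t "$(printf '\t')" -k1,1 -k2,2n | awk -F'\t' '
        NR > 1 && $1 != prev { print keep }
        { prev = $1; keep = $3 }
        END { if (NR) print keep }'
    if [ -f "$1/etc/sysctl.conf" ]; then printf '%s\n' "$1/etc/sysctl.conf"; fi
}

# Print "value<TAB>file" for the last assignment of KEY ($2); later files win.
configured_value() {
    list_files "$1" | while IFS= read -r f; do
        awk -v k="$2" -v f="$f" '
            /^[ \t]*[#;]/ { next }
            { i = index($0, "="); if (!i) next
              n = substr($0, 1, i - 1); v = substr($0, i + 1)
              gsub(/^[ \t-]+|[ \t]+$/, "", n); gsub(/^[ \t]+|[ \t]+$/, "", v)
              gsub("/", ".", n)
              if (n == k) printf "%s\t%s\n", v, f }' "$f"
    done | tail -n 1
}

# Compare the configured value of KEY with ROOT/proc/sys. Returns 0 on match,
# 1 on drift (something wrote the key after the files were applied, which is
# what the quoted openSUSE forum post describes), 2 if no file sets the key.
check_key() {
    conf=$(configured_value "$1" "$2")
    [ -n "$conf" ] || { echo "UNSET $2"; return 2; }
    want=$(printf '%s\n' "$conf" | cut -f1)
    src=$(printf '%s\n' "$conf" | cut -f2)
    live=$(cat "$1/proc/sys/$(printf '%s' "$2" | tr . /)" 2>/dev/null) || live=
    if [ "$want" = "$live" ]; then echo "OK $2 = $live ($src)"; return 0; fi
    echo "DRIFT $2: $src sets $want, kernel has ${live:-<unreadable>}"
    return 1
}

# Stand-alone use on the live system: sh script.sh net.ipv4.ip_forward
if [ $# -gt 0 ]; then check_key "" "$1"; fi
```

A DRIFT result right after boot, followed by OK once `systemctl restart systemd-sysctl.service` has run, matches the behaviour reported in this thread.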
