Linux 系统 sysctl.conf 配置文件重启失效

2018-03-25 16:11:01 +08:00
 liangzi

发帖之前在网上搜了一下相关文章还是没有搞定

主机 openSUSE 42.3

修改后的内容如下

cat -n /etc/sysctl.conf | tail -n 5
    22  # net.ipv6.conf.all.disable_ipv6 = 1
    23  kernel.sysrq = 0
    24  net.ipv4.ip_forward = 1
    25  net.ipv4.tcp_syncookies = 1
    26  net.ipv6.conf.all.forwarding = 0

重启失效

然后使用

sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

然后

sudo sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0

重启依然失效

之后在 /etc/init.d/boot.local 添加了如下内容

/sbin/sysctl -e -p /etc/sysctl.conf

重启还是失败

请知道的麻烦告知一下这个该怎么修改 谢谢~

9322 次点击
所在节点    Linux
30 条回复
fangdingjun
2018-03-25 16:55:39 +08:00
看一下系统启动脚本,可能哪个脚本把那些设置还原了
最有可能的是启动网络的相关脚本

boot.local 的执行顺序是很靠前的
你要找一个执行顺序在最后的脚本执行那个命令
xfspace
2018-03-25 17:02:00 +08:00
systemctl status systemd-sysctl.service
expy
2018-03-25 17:28:25 +08:00
可能是路径问题?来自 https://wiki.archlinux.org/index.php/sysctl
>Note: From version 207 and 21x, systemd only applies settings from /etc/sysctl.d/*.conf and /usr/lib/sysctl.d/*.conf. If you had customized /etc/sysctl.conf, you need to rename it as /etc/sysctl.d/99-sysctl.conf. If you had e.g. /etc/sysctl.d/foo, you need to rename it to /etc/sysctl.d/foo.conf.
liangzi
2018-03-25 18:56:46 +08:00
@fangdingjun 感谢回复 我找找看

@xfspace systemctl status systemd-sysctl.service 输出内容如下:
日 3 月 25|18:53|0:>systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d
└─50-kernel-uname_r.conf
Active: active (exited) since 日 2018-03-25 15:53:46 CST; 3h 0min ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Process: 447 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
Process: 437 ExecStartPre=/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-%v (code=exited, status=0/SUCCESS)
Main PID: 447 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
CGroup: /system.slice/systemd-sysctl.service

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
liangzi
2018-03-25 19:06:45 +08:00
@expy 我系统的 /etc/sysctl.d/里面有这个文件 不过他还是指向了上级目录的配置文件
lrwxrwxrwx 1 root root 16 10 月 30 2015 99-sysctl.conf -> /etc/sysctl.conf
defunct9
2018-03-25 19:07:04 +08:00
开 ssh,让我上去看看
f2f2f
2018-03-25 19:21:23 +08:00
不建议修改 sysctl.conf,可以在 /sysctl.d/下面创建一个 local.conf,再把设置放进去
liangzi
2018-03-25 19:34:33 +08:00
@defunct9 SSH 服务随机启动 不过我把端口屏蔽了
另外在 /etc/hosts.deny 里面禁止 sshd 了
另外我刚才 sudo systemctl enable systemd-sysctl.service 之后
重启发现并没有预期结果
sudo systemctl list-unit-files | grep 'enable' 里面并没有这个服务在随开机启动 难道开错了?
liangzi
2018-03-25 19:35:11 +08:00
@f2f2f 我试试 谢谢
liangzi
2018-03-25 19:57:25 +08:00
@f2f2f 这样配置对吗?
cd /etc/sysctl.d/
sudo cp ../sysctl.conf ./local.conf
sudo mv local.conf 50-locla.conf
sudo vim /etc/init.d/boot.local
重启还是不行....
xAx
2018-03-25 20:19:43 +08:00
# vim /etc/sysctl.d/99-sysctl.conf

opensuse 不了解,但遇到几个发行版已将 sysctl.conf 移走,重启会自动还原,就像曾经 resolve.conf 一样
liangzi
2018-03-25 20:33:39 +08:00
@xAx resolve.conf 可以 chmod attr +i 来解决
f2f2f
2018-03-25 22:35:27 +08:00
@liangzi sysctl --system 执行一下?
tomychen
2018-03-25 23:38:31 +08:00
systemd 后,我感觉我是不会用 linux 了 :-(
YanwenSun
2018-03-25 23:45:19 +08:00
会不会是 sysctl.conf 在 initrd 里 修改好后重建 initrd 试试
Beebird
2018-03-26 00:16:38 +08:00
会不会其他地方有冲突的变量设定?
grep -R 'net.ipv4.ip_forward' /etc/ 看看?
/sbin/sysctl -e -p /etc/sysctl.conf 也不必要。。。

另外可以不必重启,先看 systemctl restart systemd-sysctl.service 能否载入内核参数。
wwhc
2018-03-26 00:22:44 +08:00
几年前就讨论过:
The SuSeFirewall service overwrites network related sysctl settings. I suppose this is a bug. Do you know if there is a way to tell the firewall scripts to leave untouched sysctl parameters ?
I had a look to SuSeFirewall yast graphic configuration mask and to /etc/sysconfig/SuSEFirewall* files, without any success.

Is someone of you so kind to do a very simple test just to double check if this behavior is common to all 12.2 installations and it's not related someway with my particular configuration. ?

The test could be very simple:
1) modify something network related using /etc/sysctl.conf, for example add some lines like this:
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.br0.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
Please note that the value you are modifying must be different from kernel default
2) enable SuSEFirewall service
3) reboot
4) verify that your modifications are reverted to default

cat /proc/sys/net/ipv4/conf/eth0/log_martians
1

5) disable SuSEFirewall service
6) reboot
7) verify taht your modifications are in place

cat /proc/sys/net/ipv4/conf/eth0/log_martians
0

It was not a bug! the FW_KERNEL_SECURITY parameter in /etc/sysconfig/ allows you to stop SuSeFirewall from automatically setting several sysctl network related parameters.

https://forums.opensuse.org/showthread.php/483021-networking-settings-in-sysctl-conf-not-applyed-or-overwritten
liangzi
2018-03-26 06:37:33 +08:00
@wwhc 文件: /etc/sysconfig/SuSEfirewall2.rpmnew
可能的值:yes,no
描述:

Do you want to enable additional kernel TCP/IP security features?
If set to yes, some obscure kernel options are set.
(log_martians, rp_filter, routing flush, accept_source_route)

If you have configured one of these settings in /etc/sysctl.conf then
SuSEfirewall2 won't apply any different value to allow you to override some
of these settings to your liking. Also see FW_SYSCTL_DIRS.

Tip: Set this to "no" until you have verified that you have got a
configuration which works for you. Then set this to "yes" and keep it
if everything still works. (It should!) ;-)

Choice: "yes" or "no", if not set defaults to "yes"
这里显示的提示 if not set defaults to "yes
liangzi
2018-03-26 06:44:32 +08:00
@f2f2f
执行 sudo /sbin/sysctl -p/etc/sysctl.conf 之后
重新启动服务
sudo systemctl restart systemd-sysctl.service
cat /proc/sys/net/ipv4/ip_forward
1
到这里设置是有效的
-------------------------------------------------
重启系统:
执行
一 3 月 26|06:39|0:>cat /proc/sys/net/ipv4/ip_forward
0
到这里又失败了
~
一 3 月 26|06:39|0:>sudo sysctl --system
[sudo] xuan 的密码:
* Applying /boot/sysctl.conf-4.4.120-45-default ...
kernel.hung_task_timeout_secs = 0
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmmax = 0xffffffffffffffff
kernel.shmall = 0x0fffffffffffff00
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv6.conf.default.use_tempaddr = 1
fs.inotify.max_user_watches = 65536
kernel.sysrq = 184
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
* Applying /etc/sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
~
一 3 月 26|06:40|0:>cat /proc/sys/net/ipv4/ip_forward
1
liangzi
2018-03-26 06:46:40 +08:00
@YanwenSun 没有重新建立引导 现在的问题是不知道原因具体在哪里 为嘛重启服务后修改是有效的 重启系统后修改就失败了
@Beebird 不知道其他变量到底是不是对这个修改有影响

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/441233

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX