NAME

sysctl — format of sysctl component configuration

DESCRIPTION

General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the sysctl component configuration.

Repeatable sections/items are marked by a '*' before the section/item name.

TYPES

Configuration directives have attributes of several value types. For a description of the basic types, see configuration(7).

An enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, the enumeration description gives the value for every name (in parentheses next to the name). For other enumerations, the use of names is obligatory.

The following enumerations are used in sysctl configuration directives:

log-in-vain-proto (name-usage obligatory)

disable

Log in vain is disabled

tcp-udp

Log in vain is enabled for TCP and UDP

tcp

Log in vain is enabled for TCP

udp

Log in vain is enabled for UDP

blackhole-proto (name-usage obligatory)

disable

Blackhole is disabled

tcp-udp

Blackhole is enabled for TCP and UDP

tcp

Blackhole is enabled for TCP

udp

Blackhole is enabled for UDP

ITEMS AND SECTIONS

Configuration of the sysctl library component consists of the following prototypes:

  portrange ... ;
  sysctl { ... }

Description:

portrange lo hi;

Port range specification.

lo (type: port)

hi (type: port)

sysctl {
* variable ... ;
  portrange-default ... ;
  portrange-high ... ;
  portrange-low ... ;
  portrange-reserved ... ;
  somaxconn ... ;
  log-in-vain ... ;
  blackhole ... ;
}

System kernel variables definition.

Source for /etc/sysctl.conf file.

Items & subsections:

variable name value;

Kernel variable definition.

name (type: str)

Variable name.

value (type: str)

Variable value.

Constraints:

Variable name must contain alphanumeric characters and dots only.

portrange-default [lo [hi]];

Port range reserved by system.

lo (type: port, optional, default: 49152)

hi (type: port, optional, default: 65535)

portrange-high [lo [hi]];

Port range reserved by system.

lo (type: port, optional, default: 49152)

hi (type: port, optional, default: 65535)

portrange-low [lo [hi]];

Port range reserved by system.

lo (type: port, optional, default: 1023)

hi (type: port, optional, default: 600)

portrange-reserved [lo [hi]];

Port range that can be bound only by a user with UID 0 (root).

lo (type: port, optional, default: 0)

hi (type: port, optional, default: 1)

somaxconn [number];

Listen queue size.

System default listen queue size for accepting new TCP connections. If the maximum of the MAX-CHILDREN values among all TCP-based proxies is higher, that maximum is used instead of this value.

number (type: uint32, optional, default: 16384)

log-in-vain [proto];

Log incoming packets to closed ports.

proto (type: log-in-vain-proto, optional, default: disable)

blackhole [proto];

Do not send RST on segments to closed ports.

proto (type: blackhole-proto, optional, default: disable)

[End of section sysctl description.]
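As an added example (not part of this man page or of the Kernun product), the following Python checker parses a constructed sysctl section written in the syntax documented above, enforces the documented variable-name constraint, enumeration names and defaults, and emits the resulting /etc/sysctl.conf lines. The FreeBSD sysctl names it renders each item to are an assumption, since the page does not state the mapping.

```python
import re

# Enumeration names for log-in-vain-proto and blackhole-proto (name usage is obligatory).
PROTO_ENUM = ("disable", "tcp-udp", "tcp", "udp")
# Documented defaults for each item's optional arguments.
DEFAULTS = {"portrange-default": ("49152", "65535"), "portrange-high": ("49152", "65535"),
            "portrange-low": ("1023", "600"), "portrange-reserved": ("0", "1"),
            "somaxconn": ("16384",), "log-in-vain": ("disable",), "blackhole": ("disable",)}
# ASSUMED FreeBSD sysctl names per item; the man page does not say how items are rendered.
PR = "net.inet.ip.portrange."
RENDER = {"portrange-default": (PR + "first", PR + "last"),
          "portrange-high": (PR + "hifirst", PR + "hilast"),
          "portrange-low": (PR + "lowfirst", PR + "lowlast"),
          "portrange-reserved": (PR + "reservedlow", PR + "reservedhigh"),
          "somaxconn": ("kern.ipc.somaxconn",)}
PROTO_VARS = {"log-in-vain": "log_in_vain", "blackhole": "blackhole"}  # assumed as well
VAR_NAME = re.compile(r"^[A-Za-z0-9.]+$")  # constraint: alphanumeric chars and dots only

def parse_sysctl_section(text):
    """Return the (item, args) statements found inside 'sysctl { ... }'."""
    body = re.search(r"sysctl\s*\{(.*)\}", text, re.S)
    if body is None:
        raise ValueError("no sysctl section found")
    stmts = [s.split() for s in body.group(1).split(";")]
    return [(s[0], s[1:]) for s in stmts if s]

def render_sysctl_conf(text):
    """Check the section against the documented constraints and emit sysctl.conf lines."""
    lines = []
    for item, args in parse_sysctl_section(text):
        if item == "variable":
            name, value = args
            if not VAR_NAME.match(name):
                raise ValueError(f"variable name {name!r} violates the alnum/dot constraint")
            lines.append(f"{name}={value}")
        elif item in PROTO_VARS:
            proto = (args or DEFAULTS[item])[0]
            if proto not in PROTO_ENUM:
                raise ValueError(f"{item}: {proto!r} is not a valid protocol name")
            for p in ("tcp", "udp"):  # tcp-udp enables both, disable switches both off
                lines.append(f"net.inet.{p}.{PROTO_VARS[item]}={int(proto in ('tcp-udp', p))}")
        elif item in RENDER:
            values = list(args) + list(DEFAULTS[item][len(args):])  # omitted args take defaults
            lines.extend(f"{k}={v}" for k, v in zip(RENDER[item], values))
        else:
            raise ValueError(f"unknown item {item!r} in sysctl section")
    return lines

# Constructed sample section in the syntax this man page documents.
SAMPLE = "sysctl { variable net.inet.ip.forwarding 1; portrange-default 10000; somaxconn; log-in-vain tcp-udp; blackhole tcp; }"
```

Calling render_sysctl_conf(SAMPLE) fills the omitted portrange-default upper bound and somaxconn value with the documented defaults and rejects any variable name or protocol name outside the documented constraints.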

SEE ALSO

configuration(7)