refactor: split sysctl file
This commit is contained in:
parent
f0d2e555ac
commit
1b98ea698d
13 changed files with 346 additions and 127 deletions
56
common/nixos/sysctl/networking/ipv6.nix
Normal file
56
common/nixos/sysctl/networking/ipv6.nix
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
boot.kernel.sysctl = {
|
||||
# disallow IPv6 packet forwarding
|
||||
"net.ipv6.conf.default.forwarding" = 0;
|
||||
"net.ipv6.conf.all.forwarding" = 0;
|
||||
|
||||
# number of Router Solicitations to send until assuming no routers are present
|
||||
"net.ipv6.conf.default.router_solicitations" = 0;
|
||||
"net.ipv6.conf.all.router_solicitations" = 0;
|
||||
|
||||
# do not accept Router Preference from RA
|
||||
"net.ipv6.conf.default.accept_ra_rtr_pref" = 0;
|
||||
"net.ipv6.conf.all.accept_ra_rtr_pref" = 0;
|
||||
|
||||
# learn prefix information in router advertisement
|
||||
"net.ipv6.conf.default.accept_ra_pinfo" = 0;
|
||||
"net.ipv6.conf.all.accept_ra_pinfo" = 0;
|
||||
|
||||
# setting controls whether the system will accept Hop Limit settings from a router advertisement
|
||||
"net.ipv6.conf.default.accept_ra_defrtr" = 0;
|
||||
"net.ipv6.conf.all.accept_ra_defrtr" = 0;
|
||||
|
||||
# router advertisements can cause the system to assign a global unicast address to an interface
|
||||
"net.ipv6.conf.default.autoconf" = 0;
|
||||
"net.ipv6.conf.all.autoconf" = 0;
|
||||
|
||||
# number of neighbor solicitations to send out per address
|
||||
"net.ipv6.conf.default.dad_transmits" = 0;
|
||||
"net.ipv6.conf.all.dad_transmits" = 0;
|
||||
|
||||
# number of global unicast IPv6 addresses can be assigned to each interface
|
||||
"net.ipv6.conf.default.max_addresses" = 1;
|
||||
"net.ipv6.conf.all.max_addresses" = 1;
|
||||
|
||||
# enable IPv6 Privacy Extensions (RFC30;41) and prefer the temporary address
|
||||
#"net.ipv6.conf.default.use_tempaddr" = 2; # Nix sets by default
|
||||
"net.ipv6.conf.all.use_tempaddr" = 2;
|
||||
|
||||
# ignore IPv6 ICMP redirect messages
|
||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||
|
||||
# do not accept packets with SRR option
|
||||
"net.ipv6.conf.default.accept_source_route" = 0;
|
||||
"net.ipv6.conf.all.accept_source_route" = 0;
|
||||
|
||||
# ignore all ICMPv6 echo requests
|
||||
#net.ipv6.icmp.echo_ignore_all = 1
|
||||
#net.ipv6.icmp.echo_ignore_anycast = 1
|
||||
#net.ipv6.icmp.echo_ignore_multicast = 1
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue