From 284a50288c3f5dcd08e0840ac5deb8103200f976 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 26 Feb 2019 20:32:08 +0200 Subject: [PATCH] sysctl.d: document privacy extensions & use double # for comments --- etc/sysctl.d/40-ipv6.conf | 1 + etc/sysctl.d/60-mikaela.conf | 17 +++++++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/etc/sysctl.d/40-ipv6.conf b/etc/sysctl.d/40-ipv6.conf index f8dc5d34..91a93622 100644 --- a/etc/sysctl.d/40-ipv6.conf +++ b/etc/sysctl.d/40-ipv6.conf @@ -1,4 +1,5 @@ # Enable IPv6 Privacy Extensions +# 2 for enabling and preferring, 1 to only enable, 0 to disable net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.use_tempaddr = 2 #net.ipv6.conf.eth0.use_tempaddr = 2 diff --git a/etc/sysctl.d/60-mikaela.conf b/etc/sysctl.d/60-mikaela.conf index 0278d40c..106a4e5e 100644 --- a/etc/sysctl.d/60-mikaela.conf +++ b/etc/sysctl.d/60-mikaela.conf @@ -1,18 +1,23 @@ -# Kernel settings that I prefer to have. ~~ Mikaela +## Kernel settings that I prefer to have. ~~ Mikaela -# Core files appear with filename --.core +## Core files appear with filename --.core kernel.core_pattern = %e-%p-%h.core -# When binding to IPv6, only bind to IPv6. Avoids dotted-decimals +## When binding to IPv6, only bind to IPv6. Avoids dotted-decimals net.ipv6.bindv6only=1 ## Enable IPv6 privacy extensions and prefer them to the EUI-64 address +## This should be 2 for clients to use and prefer private extensions address +## and 0 for servers or devices that don't move around. net.ipv6.conf.default.use_tempaddr=2 net.ipv6.conf.all.use_tempaddr=2 -# In case of systemd-networkd (which won't work with the above): +## In case of systemd-networkd (which won't work with the above) and +## interfaces that are up when the option is changed: #net.ipv6.conf.eth0.use_tempaddr=2 +#net.ipv6.conf.enp4s0f1.use_tempaddr=2 #net.ipv6.conf.wlan0.use_tempaddr=2 +#net.ipv6.conf.wlp3s0.use_tempaddr=2 -# Enable the Magic SysRq key -# https://en.wikipedia.org/wiki/Magic_SysRq_key +## Enable the Magic SysRq key +## https://en.wikipedia.org/wiki/Magic_SysRq_key kernel.sysrq = 1