OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: Waschbuesch on December 27, 2020, 01:14:10 PM

Title: inconsistent tunables?
Post by: Waschbuesch on December 27, 2020, 01:14:10 PM
Hi all,
I just noticed that the default settings for tunables do not seem to match:

net.inet.ip.redirect = 0

but

net.inet6.ip6.redirect = 1


Is there a reason for disabling redirects for ipv4 but not ipv6? Or are the tunables similar only in name but not function (which would be bad, too, I guess.)

Thanks,

Martin
Title: Re: inconsistent tunables?
Post by: iask on February 16, 2021, 01:08:45 PM
what about

net.link.tap.user_open=1    Allow unprivileged access to tap(4) device nodes  :o

you may find this interesting too ..
Title: Re: inconsistent tunables?
Post by: franco on February 16, 2021, 07:41:23 PM
Most inconsistencies are for security or reliability as seen by users at the time. Might make sense to clean these up, but need to ask Ad on how to align them...

https://github.com/opnsense/core/commit/b424a2f9b3b733


Cheers,
Franco
Title: Re: inconsistent tunables?
Post by: franco on February 16, 2021, 07:44:18 PM
PS: As much info as you can possibly get from 2006 on the other one... https://github.com/pfsense/pfsense/commit/ed3ccdc74c27cf9