On 7/8/05, Eric Hines <eehines@xxxxxxxxxxx> wrote:
> I must add the command
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> to the /etc/rc.d/boot.local. This person also advises that "I may want
> to do the echo command last and include "0" in the init scripts, since
> it opens up your network for a short time."

As others have mentioned you can set most kernel tunables (as most anything under /proc/sys) by just editing /etc/sysctl.conf. Read up on the man pages for sysctl(1) and sysctl.conf(5).

If you install the kernel documentation (yum install kernel-doc), you can read up on what most things do by reading the files under
/usr/share/doc/kernel-doc-2.6.11/Documentation/sysctl/

You shouldn't need to worry about exposure during boot. All your iptables firewall rules are loaded before the network interfaces are brought up. Be sure to add whatever you want to your FORWARD chain, and save it with iptables-save.

Note that just for safety, you may want to explicitly set your IPv6 stack to not do forwarding unless you're purposefully routing IPv6. See
/proc/sys/net/ipv6/conf/default/forwarding

--
Deron Meranda
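
One way to check a sysctl.conf against the settings discussed in this message, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration, and the check of net.ipv6.conf.all.forwarding is an addition beyond the `default` key the message names.

```shell
#!/bin/sh
# Added example: audit the forwarding keys in a sysctl.conf-style file.

# effective_sysctl FILE KEY: print the last value assigned to KEY in FILE
# (when the file is applied top to bottom, a later assignment overrides an
# earlier one). Keys written with "/" separators are normalised to ".".
effective_sysctl() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }             # skip comment lines
        index($0, "=") == 0 { next }       # skip lines that are not assignments
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub("/", ".", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# audit_forwarding FILE: print one finding per line; return 1 if any finding.
# Expects a router that forwards IPv4 and explicitly does not forward IPv6.
audit_forwarding() {
    file=$1; rc=0
    v4=$(effective_sysctl "$file" net.ipv4.ip_forward)
    [ "$v4" = 1 ] || { echo "ipv4: net.ipv4.ip_forward is '${v4:-unset}'"; rc=1; }
    for scope in all default; do
        key="net.ipv6.conf.$scope.forwarding"
        v6=$(effective_sysctl "$file" "$key")
        [ "$v6" = 0 ] || { echo "ipv6: $key is '${v6:-unset}', not pinned to 0"; rc=1; }
    done
    return $rc
}

# Constructed sample: ip_forward assigned twice, IPv6 "all" scope left unset.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sysctl.conf for illustration
net.ipv4.ip_forward = 0
net/ipv4/ip_forward=1
net.ipv6.conf.default.forwarding = 0
EOF
audit_forwarding "$sample" || echo "findings listed above"
rm -f "$sample"
```

Point `audit_forwarding` at /etc/sysctl.conf on the router itself; it only reads the file and does not change any running kernel value.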