debian ubuntu 启动时忽略 sysctl.conf 的设置

Ubuntu或Debian中,sysctl.conf的配置

类似

net.ipv4.conf.all.log_martians=1 
net.ipv4.conf.all.rp_filter=1     
net.ipv4.conf.default.log_martians=1  
在重启后无法生效。
原因是/etc/init.d/procps.sh在启动过程中起步太早,无法应用许多sysctl。由于它是在加载网络模块和安装文件系统之前运行的,因此存在很多常用的sysctl,这些sysctl在启动时会被忽略,并向控制台产生错误。
网上的所有文档都涉及更改/etc/sysctl.conf中的某些设置,例如net.ipv4.netfilter.ip_conntrack_max对于Ubuntu&Debian是错误的。

资料来源:
https://serverfault.com/questions/355520/after-reboot-debian-box-ignore-sysctl-conf-values
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/50093
这是个深坑,centos可以用但是Debian系的发行版无法生效。

-------------------
Asked 
Active 9 months ago
Viewed 14k times

7

5

Where is right place for sysctl redefined values?

I have:

> uname -a
Linux note 3.1.0-1-amd64 #1 SMP Tue Jan 10 05:01:58 UTC 2012 x86_64 GNU/Linux

> cat /etc/debian_version 
wheezy/sid


> tail -n 2 /etc/sysctl.conf   
#
net.ipv6.bindv6only=0

But after each reboot net.ipv6.bindv6only still 1

7

Check if there is a file in /etc/sysctl.d with your parameter. These files override the /etc/sysctl.conf file…

  • yep. i found /etc/sysctl.d/bindv6only.conf thanks – Korjavin Ivan Feb 1 ’12 at 11:18
  • /etc/sysctl.d/README states the precedence order and specifically “use /etc/sysctl.conf directly, which overrides anything in this directory.” Is the README wrong? – lkanab Jan 3 ’17 at 7:59
  • If you have a recent Debian, it load the /etc/sysctl.conf at the last one (see 99-sysctl.conf file). This topic is for old Debian (before 2014). In the new versions, the files must have a number to know the order to use. – Dom Jan 3 ’17 at 8:35
  • @Dom i am using ubuntu 16.04 LTS . Still it not taking /etc/sysctl.conf neighter 99-sysctl.conf as precedence file. anything still missing? – jit Dec 27 ’17 at 13:26
  • Check the syntax of the files. They should be used. In 16.04, the files must have a XX- and .conf at the end. Try to restart procps service and look at logs, it can be an error – Dom Dec 27 ’17 at 22:27

14

https://bugs.launchpad.net/ubuntu/+source/procps/+bug/50093

/etc/init.d/procps.sh comes too early in the boot process to apply a lot of sysctl’s. As it runs before networking modules are loaded and filesystems are mounted, there are quite a lot of commonly-used sysctl’s which are simply ignored on boot and produce errors to the console.

All documentation on the net referring to changing certain settings in /etc/sysctl.conf such as net.ipv4.netfilter.ip_conntrack_max is wrong for Ubuntu & Debian.

Finally, “It seems to me it is a Debian Squeeze bug, see here for an example and workaround: http://wiki.debian.org/BridgeNetworkConnections

In the latter case, the procps init script should take care of loading them during boot. However, on Squeeze it does not, and you need to restart it from /etc/rc.local (or similar):

# /etc/rc.local

# Load kernel variables from /etc/sysctl.d
/etc/init.d/procps restart

exit 0

2

If you use ufw (uncomplicated firewall) you really need to change the values in /etc/ufw/sysctl.conf as the configuration here overrides /etc/sysctl.conf one.

0

This is set by the procps init script. make sure this init script is enabled with update-rc.d procps enable. If it is enabled you should expect a link from a file in /etc/rcS.d to /etc/init.d/procps. If this init script is working correctly manually running /etc/init.d/procps restart should make the setting.

  • You mean Debian doesn’t read sysctl.conf by default? wow. – James O’Gorman Jan 31 ’12 at 18:59
  • it reads sysctl by default. the /etc/init.d/procps mecahnism is the default mechanism. If my answer works, it is because this init script was disabled for some reason, which might be a bug. A bug causing this would not be surprising since he is running either the testing or unstable release of debian (or some combination thereof) – stew Jan 31 ’12 at 19:06
  • > sysctl net.ipv6.bindv6only net.ipv6.bindv6only = 1 doesnt works – Korjavin Ivan Feb 1 ’12 at 11:17

上一篇
下一篇