Re: /proc/sys/net/* proliferation

Andi Kleen (ak@muc.de)
14 Sep 1997 19:13:18 +0200


Bryan Andregg <bandregg@redhat.com> writes:

> On 12 Sep 1997 12:13:26 +0200, Andi Kleen wrote:
> >P.S.: Anyone know if Caldera/RedHat/SUSE ship their default kernels
> >with IP forwarding enabled?
> >
>
> Red Hat ships with this enabled but masquerading disabled.

Note that RedHat conflicts with RFC1122 (host requirements) then:

3.1 ....
The host software MUST NOT automatically
move into gateway mode if the host has more than one interface, as
the operator of the machine may neither want to provide that
service nor be competent to do so.

Your default kernel does this. I wonder how many RedHat-based firewalls
are insecure because of this ... Please change it! I consider this
a major bug.

Note that since 2.0.30 Linux has an ip_forward sysctl. The CONFIG_FORWARD
option only sets the default.

How about an /etc/sysconfig/ip-forwarding file in Thunderbird that defaults
to off? It should be easy to add a checkbox for this into netcfg and the
install program.

-Andi
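
The condition the message describes (forwarding switched on by default on a host with more than one interface) can be audited from /proc. The script below is an added example, not part of the original message or of any distribution's tooling; the function names and the optional root-directory argument are assumptions of this example, and it reads the IPv4 global switch at /proc/sys/net/ipv4/ip_forward and the interface list in /proc/net/dev.

```shell
#!/bin/sh
# Added example (not from the original message): flag a host that has more
# than one non-loopback interface AND has IPv4 forwarding switched on.
# The optional root argument is an assumption of this example so the check
# can be pointed at a constructed tree; with no argument it reads the live /proc.

# Count interfaces in a proc/net/dev file, skipping the two header lines and lo.
count_interfaces() {
    awk -F: 'NR > 2 { gsub(/[ \t]/, "", $1); if ($1 != "" && $1 != "lo") n++ }
             END { print n + 0 }' "$1"
}

# Return codes: 0 forwarding off, 1 forwarding on (single-homed),
# 2 forwarding on AND multi-homed, 3 state unreadable.
audit_forwarding() {
    root="${1:-}"
    fwd="$root/proc/sys/net/ipv4/ip_forward"
    dev="$root/proc/net/dev"
    [ -r "$fwd" ] && [ -r "$dev" ] || { echo "UNKNOWN: cannot read $fwd or $dev"; return 3; }
    state=$(tr -d ' \t\n' < "$fwd")
    nif=$(count_interfaces "$dev")
    if [ "$state" = "0" ]; then
        echo "OK: ip_forward=0 ($nif non-loopback interfaces)"
        return 0
    fi
    if [ "$nif" -gt 1 ]; then
        echo "FINDING: ip_forward=$state with $nif interfaces; kernel will forward between them"
        return 2
    fi
    echo "NOTE: ip_forward=$state on a single-homed host"
    return 1
}

# Build a constructed /proc fragment for demonstration.
# $1 = directory, $2 = ip_forward value, remaining args = interface names.
make_sample_proc() {
    dir="$1"; val="$2"; shift 2
    mkdir -p "$dir/proc/sys/net/ipv4" "$dir/proc/net"
    echo "$val" > "$dir/proc/sys/net/ipv4/ip_forward"
    {
        echo "Inter-|   Receive                  |  Transmit"
        echo " face |bytes    packets errs drop  |bytes    packets errs drop"
        for i in lo "$@"; do echo "  $i: 0 0 0 0 0 0 0 0"; done
    } > "$dir/proc/net/dev"
}
```

The check covers only the global IPv4 switch; it does not look at packet-filter rules or IPv6 forwarding.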