[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#338235: Deprecated /etc/network/options and new installations



Hello,

During the reboot after new installations from Debian Installer we have 
noticed the warning that /etc/network/options is deprecated [1].

Currently d-i creates this file as part of the "prebaseconfig" step that 
prepares for the reboot into the new system. (The file is only created if 
not yet present after debootstrap, which is currently the case.)

We would appreciate your advice on where to go from here in the installer.
D-I should no longer install /etc/network/options, that looks easy. The 
question is what to do as alternative.

AFAICT doing nothing would result in spoof protection being disabled for 
new installations where currently it is enabled, as the default
/etc/sysctl.conf currently does not set net/ipv4/conf/all/rp_filter to 1.

We feel it would be wrong to modify /etc/sysctl.conf as part of the 
installation. Are there alternatives or should we just forget about 
setting that option by default? How relevant is it for basic system 
security?

For the other options (ip_forward and syncookies) the default set by D-I 
was "no", so there's no change for those.

We'd appreciate your input on this issue.

Cheers,
Frans Pop

[1] http://bugs.debian.org/338235

Attachment: pgpnz37seQYgq.pgp
Description: PGP signature


Reply to: