Hello, During the reboot after new installations from Debian Installer we have noticed the warning that /etc/network/options is deprecated [1]. Currently d-i creates this file as part of the "prebaseconfig" step that prepares for the reboot into the new system. (The file is only created if not yet present after debootstrap, which is currently the case.) We would appreciate your advice on where to go from here in the installer. D-I should no longer install /etc/network/options, that looks easy. The question is what to do as alternative. AFAICT doing nothing would result in spoof protection being disabled for new installations where currently it is enabled, as the default /etc/sysctl.conf currently does not set net/ipv4/conf/all/rp_filter to 1. We feel it would be wrong to modify /etc/sysctl.conf as part of the installation. Are there alternatives or should we just forget about setting that option by default? How relevant is it for basic system security? For the other options (ip_forward and syncookies) the default set by D-I was "no", so there's no change for those. We'd appreciate your input on this issue. Cheers, Frans Pop [1] http://bugs.debian.org/338235
Attachment:
pgp5B8hfas_KD.pgp
Description: PGP signature