Re: Changes to /etc/init.d/networking
On Fri, Apr 13, 2001 at 07:28:38AM -0600, Stefan Srdic wrote:
> Daniel Stone wrote:
>
> > Well, there's been a raging debate on linux-kernel about this. Basically,
> > some Cisco routers are broken, as the (outdated) RFC specified that this
> > field (the one for ECN) was "reserved", so Cisco took that to mean "must be
> > zero". Hence, when you turn ECN on, a lot of Cisco routers drop the packet -
> > including the ones for Hotmail, etc.
> >
> > Hope this helps,
> > :) d
>
> That could explain a few problems that I have been having while attempting to
> download from the net through my Windows clients, maybe it would be best to leave
> ECN to its default value (off) untill further investigation proves otherwise. Funny
> how there was no mention of this in the kernel documentation.
Yep, it's recommended you leave it to off for the time being, the only
person I know who's happy with it on is David Miller, and he's, well, David
Miller. ;)
> Anyway...
>
> Are there any other IPV4 settings that I should know about that increase system
> transfer efficientcy and security?
Those settings look good to me :)
> Would it be recomended to execute an IPTables script via the networking init script?
I think it should be left up to the user, as there are packages (including
ferm and agt), which convert configuration language into
iptables/chains/fwadm rulesets, so the user might want this. Then there are
people with their own rulesets. (I'm currently packaging agt, btw).
Other than that, looks good!
:) d
--
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
G!>CS d s++:- a---- C++ ULS++++$>B P---- L+++>++++ E+(joe)>+++ W++ N->++ !o
K? w++(--) O---- M- V-- PS+++ PE- Y PGP>++ t--- 5-- X- R- tv-(!) b+++ DI+++
D+ G e->++ h!(+) r+(%) y? UF++
------END GEEK CODE BLOCK------
Reply to: