diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2013-01-25 05:58:58 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2013-01-25 05:58:58 +0000 |
| commit | 6f0adbb7648cebbe9f60f2294bbf4e4e1eca7b08 (patch) | |
| tree | 135a854c697e59cfcdd5f99b5c4701a0f22608e8 | |
| parent | add groupwise to /etc/services #432550 by Jon Gerdes (diff) | |
| download | baselayout-6f0adbb7648cebbe9f60f2294bbf4e4e1eca7b08.tar.gz baselayout-6f0adbb7648cebbe9f60f2294bbf4e4e1eca7b08.tar.bz2 baselayout-6f0adbb7648cebbe9f60f2294bbf4e4e1eca7b08.zip | |
sysctl.conf: document new net.ipv4.ping_group_range option
svn path=/trunk/; revision=3205
| -rw-r--r-- | etc.Linux/sysctl.conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc.Linux/sysctl.conf b/etc.Linux/sysctl.conf index 8ae7ce9d..08466bf9 100644 --- a/etc.Linux/sysctl.conf +++ b/etc.Linux/sysctl.conf @@ -24,6 +24,12 @@ net.ipv4.conf.all.rp_filter = 1 # http://cr.yp.to/syncookies.html #net.ipv4.tcp_syncookies = 1 +# Enable people in the specified (min, max) group range to send ICMP_ECHO +# messages (i.e. ping) and receive ICMP_ECHOREPLY responses. This allows +# you to run non-suid and non-caps `ping`, but it also means anyone with +# a gid in this range can send those packets (not just via `ping`). +#net.ipv4.ping_group_range = 100 100 + # Disable source route #net.ipv4.conf.all.accept_source_route = 0 #net.ipv4.conf.default.accept_source_route = 0 |