mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-05-18 15:08:10 +02:00
a8a2e6d727
Add support for configuring per-interface IPv4 sysctl forwarding setting in NetworkManager. The feature allows users to configure the net.ipv4.conf.<interface>.forward setting directly through NetworkManager, enabling targeted forwarding configurations for interfaces. This is particularly useful for cases such as enabling forwarding for MetalLB load balancing without requiring a global ip_forward=1 setting. While forwarding setting can be managed via /etc/sysctl.conf, configuring sysctl options for dynamically created or software-configured interfaces (e.g., bridges) poses challenges. With this feature, NetworkManager can configure these settings when interfaces are created or updated, users no longer need to rely on nm-dispatcher scripts for per-interface sysctl configuration, which can be error-prone and complex. This feature ensures a more seamless and integrated way to manage per-interface forwarding configurations, reducing user overhead and improving usability in complex network setups. We do not support configuring per-device IPv6 sysctl forwarding because in order to make per-device IPv6 sysctl forwarding work, we also need to enable the IPv6 global sysctl forwarding setting, but this has potential security concerns because it changes the behavior of the system to function as a router, which expose the system to new risks and unintended traffic flows, especially when enabling forwarding on the interface the user previously explicitly disabled. Also enabling per-device IPv6 sysctl setting will change the behavior of router advertisement (accept_ra), which is not expected. Therefore, we only support configuring per-device IPv4 sysctl forwarding option in NetworkManager. Resolves: https://issues.redhat.com/browse/RHEL-60237 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2071 https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1833 |
||
|---|---|---|
| .. | ||
| adsl | ||
| bluetooth | ||
| ovs | ||
| team | ||
| tests | ||
| wifi | ||
| wwan | ||
| meson.build | ||
| nm-device-6lowpan.c | ||
| nm-device-6lowpan.h | ||
| nm-device-bond.c | ||
| nm-device-bond.h | ||
| nm-device-bridge.c | ||
| nm-device-bridge.h | ||
| nm-device-dummy.c | ||
| nm-device-dummy.h | ||
| nm-device-ethernet-utils.c | ||
| nm-device-ethernet-utils.h | ||
| nm-device-ethernet.c | ||
| nm-device-ethernet.h | ||
| nm-device-factory.c | ||
| nm-device-factory.h | ||
| nm-device-generic.c | ||
| nm-device-generic.h | ||
| nm-device-hsr.c | ||
| nm-device-hsr.h | ||
| nm-device-infiniband.c | ||
| nm-device-infiniband.h | ||
| nm-device-ip-tunnel.c | ||
| nm-device-ip-tunnel.h | ||
| nm-device-ipvlan.c | ||
| nm-device-ipvlan.h | ||
| nm-device-logging.h | ||
| nm-device-loopback.c | ||
| nm-device-loopback.h | ||
| nm-device-macsec.c | ||
| nm-device-macsec.h | ||
| nm-device-macvlan.c | ||
| nm-device-macvlan.h | ||
| nm-device-ppp.c | ||
| nm-device-ppp.h | ||
| nm-device-private.h | ||
| nm-device-tun.c | ||
| nm-device-tun.h | ||
| nm-device-utils.c | ||
| nm-device-utils.h | ||
| nm-device-veth.c | ||
| nm-device-veth.h | ||
| nm-device-vlan.c | ||
| nm-device-vlan.h | ||
| nm-device-vrf.c | ||
| nm-device-vrf.h | ||
| nm-device-vxlan.c | ||
| nm-device-vxlan.h | ||
| nm-device-wireguard.c | ||
| nm-device-wireguard.h | ||
| nm-device-wpan.c | ||
| nm-device-wpan.h | ||
| nm-device.c | ||
| nm-device.h | ||
| nm-lldp-listener.c | ||
| nm-lldp-listener.h | ||