ip-array sysctl rules — Configure ip-array sysctl rule files
/etc/ip-array/{stable|test}/conf.d/sysctl.d/fileInside the sysctl rule files the system settings are stored. They are written in simple XML. By parsing them IP-Array composes command line arguments for the sysctl program.
A rule definition file must contain the root tag including the describing name attribule and the syntax version:
<ip_array_root name="sysctl_rules" syntax_version="1.0">
The name attribute tells us it is an sysctl rule definition.
The syntax_version attribute defines the syntax version. 1.0 is available by now.
The XML syntax can be used in a relaxed way (not XML compatible). Tags can be closed by a simple `/>'. Attributes can have their value enclosed inside single quotes, or not quoted at all.
XML style comments are valid inside sysctl rule files. Public functions etc. are not.
The XML tags used in sysctl rule files are an exact representation of the names used with the sysctl program. Each of the names used by the sysctl program, which are separated by a dots, will be the name of the XML tag, or the attribute if it is the actual setting. Example:
net.ipv4.ip_forward=1 from sysctl will be described in XML like
this:
<net>
<ipv4>
<ip_forward> 1 </ip_forward>
</ipv4>
</net>
or as attribute:
<net>
<ipv4 ip_forward="1">
</ipv4>
</net>
or even shorter as attribute if only this single setting is used:
<net>
<ipv4 ip_forward="1"/>
</net>
You can mix both ways as you wish. To see all the available types of your local system, run either sysctl -a or ip-array compat-check.
Shell variables are valid as tag names inside
sysctl rules. The main purpose of this feature is to allow generic configuration of
values that may change system depending. i.e. the interface names in
net.ipv4.conf.$INTERFACE_NAME. The variable must
not be quoted! You can either write them with or without the curly
braces: <$VARIABLE> or <${VARIABLE}>.
Now if you define you interface name variables inside the i.e. alias.conf configuration file, you can use them inside your sysctl rule files. And every time an interface changes, all you need to do, is to modify the variable and re-parse the sysctl rule files.
Example: inside alias.conf you define: EXT_IF=eth0 and inside your sysctl rule file you write:
<net>
<ipv4>
<conf>
<$EXT_IF>
<accept_redirects> 0 </accept_redirects>
</$EXT_IF>
</conf>
</ipv4>
</net>
or as attribute (in the short form):
<net>
<ipv4>
<conf>
<$EXT_IF accept_redirects="0"/>
</conf>
</ipv4>
</net>
XML style comments are valid inside sysctl rule files. Public functions etc. are not.
In interactive mode, only the net.* (also suppressing ipv6.*) settings will be listed.