Writing directly to /proc versus using sysctl -w

kernel security networking linux

There is no difference. The sysctl command on Linux writes directly to files in /proc/sys. This snippet from the source code for sysctl proves it:

/*
 * Write a sysctl setting
 */
static int WriteSetting(const char *setting)
{
    /* ... */

    /* used to open the file */
    tmpname = xmalloc(equals - name + 1 + strlen(PROC_PATH));
    strcpy(tmpname, PROC_PATH);
    strncat(tmpname, name, (int) (equals - name));
    tmpname[equals - name + strlen(PROC_PATH)] = 0;
    /* change . to / */
    slashdot(tmpname + strlen(PROC_PATH), '.', '/');

    /* ... */

    fp = fopen(tmpname, "w");
    /* some error checking ... */
    rc = fprintf(fp, "%s\n", value);

    /* ... */
}

If you want something permanent you need to edit /etc/sysctl.conf or add a file under /etc/sysctl.d (e.g. /etc/sysctl.d/99-disable-ip-forwarding.conf) containing:

# Disable IP packet forwarding
net.ipv4.ip_forward = 0

By the way, some distributions already disable this explicitly by default. For example RHEL <= 6 or Fedora <= 15 have this in /etc/sysctl.conf:

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

Fedora 20 doesn't disable it explictly anymore. There's not forwarding setting in /etc/sysctl.conf, /etc/sysctl.d/ or /usr/lib/sysctl.d/.

Related

What arguments does the Mac's Terminal.app accept?
ImageMagick Convert: How to produce sharp resized PNG files from SVG files?
When should I use hard links as opposed to soft links?
Finding IP or hostname of origin machine (ssh)
is there a way to check the integrity of a cloned repo.?
Change DNS for particular browser only?
How to add "date modified" as a permanent option for sorting files in Windows?
Run Safari from terminal with given URL address without open command
Cannot start Hyper-V on MacBook in Bootcamp but can in Parallels
Rsync to multiple directories with one command?
Showing webpages as a screensaver in Mac OS X
How to change the theme of Windows 8 to the classic theme?