The role of the
/proc/sys
subdirectory is to report
different kernel parameters, and to allow you to interactively
change some of them. As opposed to all other files in
/proc
, some files in this directory can be
written to, but only by root
.
A list of directories and files would take too long to describe, mostly because the content of the directories are system-dependent and that most files will only be useful for very specialized applications. However, here are two common uses of this subdirectory:
Allow routing: even if the default kernel
from Mandriva Linux is able to route, you must explicitly allow
it to do so. For this, you just have to type the following command as
root
:
$ echo 1 >/proc/sys/net/ipv4/ip_forward
Prevent IP spoofing: IP spoofing consists of making one believe that a packet coming from the outside world comes from the interface by which it arrives. This technique is very commonly used by crackers [9]. You can make the kernel prevent this kind of intrusion. Type:
$ echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter
These changes will only remain in
effect while the system is running. If the system is rebooted,
then the values will go back to their defaults. To reset the
values to something other than the default at boot time, you can
take the commands that you typed at the shell prompt and add them
to /etc/rc.d/rc.local
so that you avoid
typing them each time. Another solution is to modify
/etc/sysctl.conf
, refer to sysctl.conf(5) and to sysctl(8) for more information.