The proc filesystem may very well be used to set all values in ipsysctl, however, this way of setting and reading variables should probably be more suitable for experimenting, and when we do not have access to the sysctl tool. This is also very good when we are dealing with certain variables that should not be turned on before a specific time in bootup. For example, it may be a very bad idea to turn on ip_forward before we have all the firewall rules and routes up and running.
All you need to use this method of reading and setting variables is the cat and echo commands as well as a standard shell such as bash. It is highly unlikely that you do not have any of these since all distributions carry these and should be more or less impossible to not install with the installation process.
First of all, all variables that may be used to change the default behaviour on your system resides in the /proc/sys/ directory. The settings that we are interested in during this tutorial are all placed within the /proc/sys/net/ipv4 directory. In other words, all you need to do to go there is the following command
cd /proc/sys/net/ipv4
To see all the variables available, issue the following command
ls
In other words, you should know about all of this already. If you don't, you are probably reading the wrong documentation. To see the setting in a specific variable, you would issue the cat ip_forward command. This would look something like this:
[blueflux@work1 ipv4]$ cat ip_forward 0 [blueflux@work1 ipv4]$
As you can see, these variables can be read by anyone who has an account on the machine in question. This could pose as a small security problem since anyone who gets on to your linux computer will be able to figure out all of your exact settings without too much hassle.
It is unfortunately impossible to block read access to the /proc filesystem as of writing this. The problem is that all read/write permissions are hardcoded within the /proc filesystem itself. and because of this, it is impossible to change the settings manually. If you really really need to change these settings, you can do it for the whole system from within the linux/fs/proc directory, which contains the source code for the Linux /proc filesystem. |
If we would like to change the above setting we would use the echo command. The echo command will normally echo any line we provide it with back to us on the screen. However, this could be piped via pretty much any standard shell to the file that we would like to save it in. This could then look like the following in bash:
[root@work1 ipv4]# echo "1" > ip_forward [root@work1 ipv4]#
As you can see, this time around we need to have root access to set the variable value. If we do not have root access, we would get the following error message:
[blueflux@work1 ipv4]$ echo "1" > ip_forward bash: ip_forward: Permission denied [blueflux@work1 ipv4]$
Do note that all the above examples takes into account that we are already within the the correct directory in the proc filesystem. This is the reason why we have not written the complete path to the variables.