checking status
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
or check the value directly in the /proc filesystem
$ cat /proc/sys/net/ipv4/ip_forward
0
enable
sysctl -w net.ipv4.ip_forward=1
or
#redhat
echo 1 > /proc/sys/net/ipv4/ip_forward
#debian/ubuntu
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
disable
sysctl -w net.ipv4.ip_forward=0
or
echo 0 > /proc/sys/net/ipv4/ip_forward
Both methods take effect without rebooting the system.
Table 41.1. net.ipv4.ip_forward
user | route | wan |
---|---|---|
192.168.0.2 | eth0:192.168.0.1 eth1:172.16.0.1 | 172.16.0.254 |
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
From 192.168.0.2, try pinging 192.168.0.1, 172.16.0.1 and 172.16.0.254.
You can reach 192.168.0.1 and 172.16.0.1, but 172.16.0.254 times out.
sysctl -w net.ipv4.ip_forward=1
Then ping 172.16.0.254 again.
If you want to block others from pinging your host, add the following:
# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1
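As an added example (not part of the original page), the script below checks whether a key's running value under /proc/sys and its persisted value both match what you expect, since `sysctl -w` and `echo` change only the running kernel. It assumes settings are persisted as `key = value` lines in a sysctl.conf-style file; the function names, the temporary directory and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare a sysctl key's running value with its persisted value.
# Assumption: persisted settings are "key = value" lines in a sysctl.conf-style file.

# runtime_value KEY [PROC_ROOT]: read the live value, e.g. /proc/sys/net/ipv4/ip_forward
runtime_value() {
    cat "${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)" 2>/dev/null || :
}

# persisted_value KEY FILE: last uncommented assignment wins (lines apply in order)
persisted_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { if (val != "") print val }' "$2" 2>/dev/null || :
}

# check_key KEY EXPECTED FILE [PROC_ROOT]
# returns 0 = both match, 1 = runtime only (not persisted),
#         2 = file only (not applied), 3 = neither
check_key() {
    run=$(runtime_value "$1" "$4"); conf=$(persisted_value "$1" "$3")
    if [ "$run" = "$2" ] && [ "$conf" = "$2" ]; then
        echo "OK            $1 = $2"; return 0
    elif [ "$run" = "$2" ]; then
        echo "NOT_PERSISTED $1 runtime=$run file=${conf:-unset}"; return 1
    elif [ "$conf" = "$2" ]; then
        echo "NOT_APPLIED   $1 runtime=${run:-unreadable} file=$conf"; return 2
    fi
    echo "MISMATCH      $1 runtime=${run:-unreadable} file=${conf:-unset} want=$2"; return 3
}

# Constructed sample: forwarding switched on with "sysctl -w" only, and the
# ping block written to the file but never loaded into the kernel.
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv4"
echo 1 > "$demo/proc/net/ipv4/ip_forward"
echo 0 > "$demo/proc/net/ipv4/icmp_echo_ignore_all"
printf '%s\n' '# Disable ping requests' 'net.ipv4.icmp_echo_ignore_all = 1' > "$demo/sysctl.conf"

check_key net.ipv4.ip_forward 1 "$demo/sysctl.conf" "$demo/proc" || :
check_key net.ipv4.icmp_echo_ignore_all 1 "$demo/sysctl.conf" "$demo/proc" || :
```

On a real host, omit the fourth argument so the live /proc/sys tree is read, and pass the file where your settings are kept as the third.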
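Original source: Netkiller series notes (Netkiller 系列 手札)
Author: 陈景峯
Please contact the author before reprinting, and be sure to credit the original source and author and include this notice.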