The sysctl Facility

The sysctl utility retrieves fine-grained kernel parameters on a running system and allows them to be modified. Parameters placed in /etc/sysctl.conf are set at boot time. Consult the sysctl(8) manual page for further details.

Example 3-1 shows sample sysctl output and how to assign a value to a variable. As the man pages show, sysctl works only slightly differently on BSD systems.

Example 3-1. UNIX sysctl Utility

[root@castor:#] sysctl -a | grep ipsec
net.inet.ipsec.def_policy: 1
net.inet.ipsec.esp_trans_deflev: 1
net.inet.ipsec.esp_net_deflev: 1
net.inet.ipsec.ah_trans_deflev: 1
net.inet.ipsec.ah_net_deflev: 1
net.inet.ipsec.ah_cleartos: 1
net.inet.ipsec.ah_offsetmask: 0
net.inet.ipsec.dfbit: 0
net.inet.ipsec.ecn: 0
net.inet.ipsec.debug: 1
net.inet.ipsec.esp_randpad: -1
net.inet6.ipsec6.def_policy: 1
net.inet6.ipsec6.esp_trans_deflev: 1
net.inet6.ipsec6.esp_net_deflev: 1
net.inet6.ipsec6.ah_trans_deflev: 1
net.inet6.ipsec6.ah_net_deflev: 1
net.inet6.ipsec6.ecn: 0
net.inet6.ipsec6.debug: 1
net.inet6.ipsec6.esp_randpad: -1

[root@castor:~#] sysctl net.inet.ipsec.dfbit=0
net.inet.ipsec.dfbit: 0 -> 0

[root@callisto:~#] sysctl -w net.ipv4.ip_forward=1
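
A value assigned on the command line as in Example 3-1 lasts only until reboot, while /etc/sysctl.conf decides what the system boots with, so the two can drift apart. The script below is an added example, not part of the original text: it compares a sysctl.conf-style file with a captured sysctl -a dump and reports every key whose running value differs. The function names and the sample data are constructed for illustration, and BSD and Linux keys are mixed in one sample only to show both output formats.

```shell
# Added example: report sysctl keys whose running value differs from sysctl.conf.
# Constructed sample of /etc/sysctl.conf content (not from a real host).
sample_conf() {
cat <<'EOF'
# IPsec debugging and IP forwarding should stay off
net.inet.ipsec.dfbit=0
net.inet.ipsec.debug = 0
net.ipv4.ip_forward=0
net.ipv4.conf.all.rp_filter=1
EOF
}

# Constructed `sysctl -a` capture mixing the BSD "key: value" form from
# Example 3-1 with the Linux "key = value" form, to exercise both parsers.
sample_runtime() {
cat <<'EOF'
net.inet.ipsec.dfbit: 0
net.inet.ipsec.debug: 1
net.ipv4.ip_forward = 1
EOF
}

# sysctl_drift CONF RUNTIME: prints "key expected actual" per mismatch (MISSING if absent).
sysctl_drift() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments and blank lines
    mode == "run" {
        sep = index($0, " = ") ? " = " : ": "   # Linux form, else BSD form
        i = index($0, sep); if (i == 0) next
        run[trim(substr($0, 1, i - 1))] = trim(substr($0, i + length(sep)))
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = trim(substr($0, 1, i - 1)); want = trim(substr($0, i + 1))
        have = (k in run) ? run[k] : "MISSING"
        if (have != want) print k, want, have
    }' mode=run "$2" mode=conf "$1"
}

# Runs the comparison on the constructed samples above.
drift_demo() {
    d=$(mktemp -d) || return 1
    sample_conf > "$d/sysctl.conf"; sample_runtime > "$d/runtime.txt"
    sysctl_drift "$d/sysctl.conf" "$d/runtime.txt"; rm -rf "$d"
}

drift_demo
```

On a real host, pass the path of the configuration file and a file holding the saved output of sysctl -a to sysctl_drift.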