Code Listing 10.9 ("Translating to sysctl.conf") of The Gentoo Linux Security Guide (http://www.gentoo.org/doc/en/gentoo-security.xml) does not address adding the iterative loop of Code Listing 10.7 ("Enable reverse path filtering") to sysctl.conf Reproducible: Always Steps to Reproduce: N/A Actual Results: N/A Expected Results: N/A No direction is given in `man sysctl.conf` either.
that's because the conf subdir has as many subdirs as your system has interfaces besides, we assume the user has some level of competence to figure it out themselves ... in other words, i dont think it's worth addressing
> besides, we assume the user has some level of competence to figure it out > themselves ... in other words, i dont think it's worth addressing. I disagree, generally, and believe that all of the various commands should be assembled together in one section (i.e., Code Listing 10.9) in order to clarify your somewhat-ambiguous directions regarding sysctl.conf. (If *I* can't understand it at first glance, I doubt that many novice-intermediate users will be able to either.)
Actually the loop is plain easy to "resolve" to the sysctl.conf. Just see what * is substituted with (it's plain shell expansion) and use that.
Then why don't you put that into the documentation? (I'm only trying to make Gentoo more usable for more people - instead of claiming the moral high-ground.)
Any proposal on how to put it in the text?
Sorry, I'm going to mark this one as WORKSFORME again. It really isn't hard to understand how sysctl.conf works with the information in the guide. If we would explain a bash loop in a security guide, chances are we need to explain a lot more than this. If anything, we can only refer to the Bash documentation available elsewhere.