Bug 635668 - config file '/etc/sysctl.conf' is used after parsing user settings in '/etc/sysctl.d/*.conf'
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Linux bug wranglers
URL: https://blog.dyndn.es/doku.php/blog/2...
Reported: 2017-10-28 09:07 UTC by Kai Peter
Modified: 2017-10-29 08:14 UTC
Description Kai Peter 2017-10-28 09:07:05 UTC
Settings in e.g. '/etc/sysctl.d/local.conf' will be overwritten by settings in default config file '/etc/sysctl.conf'. 

Example: In '/etc/sysctl.conf' there is set by default

net.ipv4.ip_forward = 0

Usually, this should be overwritten by a user defined setting in '/etc/sysctl.d/local.conf':

net.ipv4.ip_forward = 1

This didn't work. The '/etc/sysctl.conf' takes precedence over all user settings.

One workaround is to put a 'sysctl -p <file>' call in a '/etc/local.d/*.start'

However, user settings have to have precedence over system settings.


Reproducible: Always

Steps to Reproduce:
1. check it out with the example 'net.ipv4.ip_forward = 1' from description
2. set 'net.ipv4.ip_forward = 1' in '/etc/sysctl.d/forward.conf'
3. do '/etc/init.d/sysctl restart'
4. do 'sysctl -a | grep net.ipv4.ip_forward'
Comment 1 Mike Gilbert gentoo-dev 2017-10-28 14:48:19 UTC
The settings are applied in the order documented in the sysctl man page.

/etc/sysctl.conf is under the sysadmin's control, so I don't see the problem here.
Comment 2 Kai Peter 2017-10-29 08:14:23 UTC
My intention is to prevent that (changes in) /etc/sysctl.conf will be overwritten accidentally by an etc-update.

Let me take the freedom to make two suggestions:

1. Add an 'include' statement at the bottom of the file (e.g. like in /etc/rsyslog.conf)

2. Remove the option 'net.ipv4.ip_forward = 0' from the default config file (comment out). Maybe put it in a file in sysctl.d, outside of CONFIG_PROTECT.
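
Added example (not part of the bug thread and not Gentoo's init script): a POSIX shell check that replays the apply order described in this bug, '/etc/sysctl.d/*.conf' first and '/etc/sysctl.conf' last, and reports which file supplies the final value of a key and which drop-ins it overrides. The function names and the sample tree in a temporary directory are constructed for illustration; only these two locations and plain 'key = value' lines are modelled.

```shell
#!/bin/sh
# Added example: later assignments win, so the file applied last decides the
# value. Assumed order (from this bug): /etc/sysctl.d/*.conf, then /etc/sysctl.conf.

# list_assignments ROOT KEY -> one "file<TAB>value" line per assignment, in apply order
list_assignments() {
    root=$1 key=$2
    for f in "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        [ -f "$f" ] || continue          # unmatched glob or missing file
        rel=${f#"$root"}
        # Skip comment lines (# or ;) and accept "key = value" with optional spaces.
        awk -v want="$key" -v file="$rel" '
            /^[ \t]*[#;]/ { next }
            {
                eq = index($0, "=")
                if (!eq) next
                k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                gsub(/[ \t]/, "", k)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                if (k == want) printf "%s\t%s\n", file, v
            }' "$f"
    done
}

# effective ROOT KEY -> "file<TAB>value" of the assignment applied last
effective() { list_assignments "$1" "$2" | tail -n 1; }

# shadowed ROOT KEY -> files whose differing value is overridden by the winner
shadowed() {
    list_assignments "$1" "$2" | awk -F '\t' '
        { file[NR] = $1; val[NR] = $2 }
        END { for (i = 1; i < NR; i++) if (val[i] != val[NR]) print file[i] }'
}

# Constructed sample tree mirroring the report (not read from the live system).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/sysctl.d"
printf '# defaults\nnet.ipv4.ip_forward = 0\n' > "$demo_root/etc/sysctl.conf"
printf 'net.ipv4.ip_forward = 1\n' > "$demo_root/etc/sysctl.d/local.conf"
effective "$demo_root" net.ipv4.ip_forward   # /etc/sysctl.conf<TAB>0
shadowed "$demo_root" net.ipv4.ip_forward    # /etc/sysctl.d/local.conf
```

Calling the functions with ROOT set to an empty string checks the live '/etc'; a non-empty result from 'shadowed' for a hardening key means a drop-in is being silently overridden.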