Changing networkd's IPForward= default from "no" to "kernel"?

Martin Pitt mpitt at debian.org
Fri Oct 9 09:08:03 BST 2015


Josh Triplett [2015-10-05 15:18 -0700]:
> However, given the potential security implications, this needs some very
> clear documentation, as well as some warnings.  For instance, how about
> making networkd emit a warning when the global flag is set to "yes"
> but a .network file doesn't have an *explicit* IPForward setting (either
> yes or no)?  That would help people very quickly notice why their
> packets don't get forwarded, and point them directly at the setting they
> need to change.  With that change, I wonder if we really need to change
> the default.

I'm not sure about the "quickly notice" -- if you install libvirt or
LXC and your guest can't talk to the network, I'd naïvely look in
LXC/libvirt, but not into the host's networkd journal. People might
eventually find it of course, but regressing the user experience
(compared to ifupdown and NM) from "apt-get install, it works" to
"need to find out what's wrong and then change my configuration files"
isn't exactly a selling point.

The worse thing is that this also breaks pretty much every
firewall/network control project which tries to enable/disable global
forwarding. These projects won't get/show any error message, it just
silently doesn't actually work.

> I'd also be tempted to make the kernel emit a warning when setting the
> global ip_forward rather than the per-interface flag, but that would
> affect non-networkd users as well, and I suspect people would complain.

Perhaps only warn if you set the global flag after any per-interface
flag has already been set?

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
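The silent failure described above (a firewall tool flips the global ip_forward sysctl, but a networkd-managed interface keeps its per-interface forwarding flag at 0, so nothing is forwarded and no error is shown) is easy to detect with a small check. The script below is an added example, not code from this thread or from networkd; it compares net.ipv4.ip_forward with every net.ipv4.conf.<iface>.forwarding flag. The root directory argument and the constructed sysctl tree used for the demo are assumptions for offline testing; on a real host you would run it against /proc/sys.

```shell
#!/bin/sh
# Added diagnostic (not from the mailing-list thread): report interfaces
# whose net.ipv4.conf.<iface>.forwarding flag disagrees with the global
# net.ipv4.ip_forward value, so the "global on, interface off" case is
# visible instead of failing silently.
#
# The first argument is the sysctl tree root (assumed; defaults to
# /proc/sys and can point at a constructed tree for offline testing).

# Prints one MISMATCH line per disagreeing interface.
# Returns 0 if all interfaces agree with the global flag, 1 if any
# disagree, 2 if the global flag cannot be read.
check_forwarding() {
    root="${1:-/proc/sys}"
    global=$(cat "$root/net/ipv4/ip_forward") || return 2
    rc=0
    for dir in "$root"/net/ipv4/conf/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are not real interfaces; skip them.
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/forwarding" ] || continue
        per_if=$(cat "$dir/forwarding")
        if [ "$per_if" != "$global" ]; then
            echo "MISMATCH: ip_forward=$global but conf.$iface.forwarding=$per_if"
            rc=1
        fi
    done
    return $rc
}

# Builds a constructed sysctl tree mimicking the situation in the thread:
# a firewall tool turned global forwarding on, but the bridge interface
# (virbr0 here, a made-up name) was left with forwarding=0.
# Prints the path of the temporary tree.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 virbr0; do
        mkdir -p "$t/net/ipv4/conf/$i"
    done
    echo 1 > "$t/net/ipv4/ip_forward"
    echo 1 > "$t/net/ipv4/conf/all/forwarding"
    echo 1 > "$t/net/ipv4/conf/default/forwarding"
    echo 1 > "$t/net/ipv4/conf/eth0/forwarding"
    echo 0 > "$t/net/ipv4/conf/virbr0/forwarding"   # constructed: left off
    echo "$t"
}

# Stand-alone demo: ./check.sh --demo runs the check against the
# constructed tree; without --demo only the functions are defined.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    check_forwarding "$tree"
    rm -rf "$tree"
fi
```

Running the demo prints a single MISMATCH line for virbr0 and exits 1; against a live host, `check_forwarding /proc/sys` run from cron or a health check gives the error message the thread notes these projects never get.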
