-rw-r--r-- | man/sysctl.d.xml | 21 |
-rw-r--r-- | man/systemctl.xml | 28 |
2 files changed, 40 insertions, 9 deletions
diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml index 8a131791a5..e5b2bc0ac9 100644 --- a/man/sysctl.d.xml +++ b/man/sysctl.d.xml @@ -123,11 +123,12 @@ </example> <example> - <title>Disable packet filter on bridged packets (method one)</title> + <title>Apply settings available only when a certain module is loaded (method one)</title> <para><filename>/etc/udev/rules.d/99-bridge.rules</filename>: </para> - <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge" + <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \ + RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge" </programlisting> <para><filename>/etc/sysctl.d/bridge.conf</filename>: @@ -137,14 +138,20 @@ net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 </programlisting> + + <para>This method applies settings when the module is + loaded. Please note that unless the <filename>br_netfilter</filename> + module is loaded, bridged packets will not be filtered by + netfilter (starting with kernel 3.18), so simply not loading the + module is suffient to avoid filtering.</para> </example> <example> - <title>Disable packet filter on bridged packets (method two)</title> + <title>Apply settings available only when a certain module is loaded (method two)</title> <para><filename>/etc/modules-load.d/bridge.conf</filename>: </para> - <programlisting>bridge</programlisting> + <programlisting>br_netfilter</programlisting> <para><filename>/etc/sysctl.d/bridge.conf</filename>: </para> 
@@ -153,6 +160,12 @@ net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 </programlisting> + + <para>This method forces the module to be always loaded. Please + note that unless the <filename>br_netfilter</filename> module is + loaded, bridged packets will not be filtered with netfilter + (starting with kernel 3.18), so simply not loading the module is + suffient to avoid filtering.</para> </example> </refsect1> diff --git a/man/systemctl.xml b/man/systemctl.xml index e18ef6f898..66a090049d 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml 
@@ -114,12 +114,30 @@ <listitem> <para>When showing unit/job/manager properties with the - <command>show</command> command, limit display to certain - properties as specified as argument. If not specified, all - set properties are shown. The argument should be a + <command>show</command> command, limit display to properties + specified in the argument. The argument should be a comma-separated list of property names, such as - <literal>MainPID</literal>. If specified more than once, all - properties with the specified names are shown.</para> + <literal>MainPID</literal>. Unless specified, all known + properties are shown. If specified more than once, all + properties with the specified names are shown. Shell + completion is implemented for property names.</para> + + <para>For the manager itself, + <command>systemctl show</command> will show all available + properties. Those properties are documented in + <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> + + <para>Properties for units vary by unit type, so showing any + unit (even a non-existent one) is a way to list properties + pertaining to this type. Similarly showing any job will list + properties pertaining to all jobs. Properties for units are + documented in + <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + and the pages for individual unit types + <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + etc.</para> </listitem> </varlistentry> |
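Review bot: In man/sysctl.d.xml, the paragraph added after the method-one listing misspells "sufficient" as "suffient", and it only spells out half of the consequence. It says that without `br_netfilter` "bridged packets will not be filtered by netfilter (starting with kernel 3.18)", which also means a host that relies on iptables or arptables rules for bridged traffic gets no filtering until the module is loaded. Since the example was retitled from "Disable packet filter on bridged packets" to the generic "Apply settings available only when a certain module is loaded", the title no longer tells the reader that the three `net.bridge.bridge-nf-call-*` values of 0 switch filtering off. Please fix the typo and add a sentence saying what the settings do and that the module must be loaded for filtering to happen at all.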
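Review bot: In man/sysctl.d.xml, the paragraph added to method two contradicts the example it is attached to. The example puts `br_netfilter` in `/etc/modules-load.d/bridge.conf` so the module is always loaded and then sets every `bridge-nf-call-*` knob to 0, while the new text says "simply not loading the module is suffient to avoid filtering". Either explain when forcing the load is still wanted (for instance so the values are already in place if the module would be loaded anyway) or change the example values so the example demonstrates something the note does not make redundant. The same "suffient" typo is repeated here, and the wording "filtered with netfilter" differs from "filtered by netfilter" in the method-one paragraph; pick one.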
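Review bot: In man/systemctl.xml, the rewritten option text has two unclear references. "Unless specified, all known properties are shown" does not say what is specified; the removed wording "If not specified" had the same gap, so something like "If this option is not given, all known properties are shown" would settle it. In the third added paragraph, "is a way to list properties pertaining to this type" has no antecedent for "this type"; "pertaining to that unit's type" reads correctly. The two added paragraphs about the manager and about units describe the `show` command in general but sit inside the list item for the property-limiting option, so consider moving them to the `show` command description and leaving only a cross-reference here. The sentence "Shell completion is implemented for property names" is an implementation note that may go stale; if it stays, say which shells.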