You are not logged in.

#1 2020-06-11 13:18:20

L12C
Member
Registered: 2020-06-11
Posts: 5

[Partly solved] Kernel Upgrade prevents SSH connections

When I upgrade the kernel (linux-lts) my current SSH connection seems to be dropped or otherwise interrupted, output stops after

( 5/12) Applying kernel sysctl settings...

New SSH connections time out when connecting.
This is the second time I've had this issue, and the second time I've upgraded the kernel on this machine. Last time the problem disappeared after rebooting the machine via the hosting company's interface, this time I have not yet rebooted so I can look for the cause of the problem.
I can log in via the VNC interface the hosting company provides. After doing this I found the following information:
who still lists my existing SSH session
systemctl status sshd produces

● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2020-06-04 17:12:26 CEST; 6 days ago
   Main PID: 370 (sshd)
      Tasks: 1 (limit: 9538)
     Memory: 10.7M
     CGroup: /system.slice/sshd.service
             └─370 sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups

Jun 11 15:11:02 SERVER_HOSTNAME sshd[459494]: Unable to negotiate with IP_OF_MY_HOME_PC port 57106: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:11:12 SERVER_HOSTNAME sshd[459514]: Unable to negotiate with IP_OF_MY_HOME_PC port 49440: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:11:23 SERVER_HOSTNAME sshd[459578]: Unable to negotiate with IP_OF_MY_HOME_PC port 41774: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:11:34 SERVER_HOSTNAME sshd[459587]: Unable to negotiate with IP_OF_MY_HOME_PC port 34108: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:11:45 SERVER_HOSTNAME sshd[459593]: Unable to negotiate with IP_OF_MY_HOME_PC port 54674: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:11:55 SERVER_HOSTNAME sshd[459596]: Unable to negotiate with IP_OF_MY_HOME_PC port 47008: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:12:06 SERVER_HOSTNAME sshd[459626]: Unable to negotiate with IP_OF_MY_HOME_PC port 39340: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:13:01 SERVER_HOSTNAME sshd[459850]: Unable to negotiate with IP_OF_MY_HOME_PC port 57530: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:13:12 SERVER_HOSTNAME sshd[459920]: Unable to negotiate with IP_OF_MY_HOME_PC port 49862: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Jun 11 15:13:24 SERVER_HOSTNAME sshd[459966]: Unable to negotiate with IP_OF_MY_HOME_PC port 42196: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

So apparently the key exchange somehow doesn't work. Why is this only the case after upgrading the kernel, and (even less obvious to me) why does it impede my already existing session over which I started the upgrade?

Last edited by L12C (2020-06-11 15:58:48)

Offline

#2 2020-06-11 13:20:17

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 2,426
Website

Re: [Partly solved] Kernel Upgrade prevents SSH connections

Please post your entire pacman.log from the update.


Inofficial first vice president of the Rust Evangelism Strike Force

Offline

#3 2020-06-11 13:22:58

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: [Partly solved] Kernel Upgrade prevents SSH connections

If there's a VNC and ability to cleanly reboot through the hosting company it sounds like this would be a VPS - is that the case?

I'm not sure what the cause of the problem is, but if this is indeed a VPS you are not using your installed kernel so just remove the package and avoid the problem.


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#4 2020-06-11 13:26:55

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 2,426
Website

Re: [Partly solved] Kernel Upgrade prevents SSH connections

What does a VPS have to do with the installed kernel?
I run Arch Linux on VPS as well and use the official (LTS) kernel from the repos.

A quick google search of the errors yielded that there might be a conflict between the ciphers used on the client and server side.
Was openssl upgraded as well? Do you run partial upgrades?

Last edited by schard (2020-06-11 13:27:55)


Inofficial first vice president of the Rust Evangelism Strike Force

Offline

#5 2020-06-11 13:32:54

L12C
Member
Registered: 2020-06-11
Posts: 5

Re: [Partly solved] Kernel Upgrade prevents SSH connections

Full pacman.log:

[2020-06-11T14:40:31+0200] [PACMAN] Running 'pacman -Syu'
[2020-06-11T14:40:31+0200] [PACMAN] synchronizing package lists
[2020-06-11T14:40:31+0200] [PACMAN] starting full system upgrade
[2020-06-11T14:40:37+0200] [ALPM] running '60-mkinitcpio-remove.hook'...
[2020-06-11T14:40:37+0200] [ALPM] transaction started
[2020-06-11T14:40:37+0200] [ALPM] upgraded archlinux-keyring (20200422-1 -> 20200603-1)
[2020-06-11T14:40:37+0200] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg...
[2020-06-11T14:40:45+0200] [ALPM-SCRIPTLET] gpg: public key DB323392796CA067 is 3037 days newer than the signature
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET] ==> Importing owner trust values...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key D921CABED130A5690EF1896E81AF739EC0711BF1...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
[2020-06-11T14:40:47+0200] [ALPM-SCRIPTLET]   -> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 684148BB25B49E986A4944C55184252D824B18E8...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 4D913AECD81726D9A6C74F0ADA6426DD215B37AD...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 76B4192E902C0A52642C63C273B8ED52F1D357C1...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET]   -> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET] ==> Updating trust database...
[2020-06-11T14:40:48+0200] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2020-10-17
[2020-06-11T14:40:48+0200] [ALPM] upgraded iana-etc (20200511-1 -> 20200601-1)
[2020-06-11T14:40:48+0200] [ALPM] upgraded systemd-libs (245.6-1 -> 245.6-4)
[2020-06-11T14:40:50+0200] [ALPM] upgraded perl (5.30.2-1 -> 5.30.3-1)
[2020-06-11T14:40:50+0200] [ALPM] upgraded dbus (1.12.16-5 -> 1.12.18-1)
[2020-06-11T14:40:50+0200] [ALPM] upgraded libksba (1.3.5-2 -> 1.4.0-1)
[2020-06-11T14:40:50+0200] [ALPM] upgraded gnutls (3.6.13-2 -> 3.6.14-1)
[2020-06-11T14:40:50+0200] [ALPM] upgraded sqlite (3.32.1-1 -> 3.32.2-1)
[2020-06-11T14:40:50+0200] [ALPM] upgraded gnupg (2.2.20-2 -> 2.2.20-4)
[2020-06-11T14:40:50+0200] [ALPM] upgraded iptables (1:1.8.4-1 -> 1:1.8.5-2)
[2020-06-11T14:40:50+0200] [ALPM] upgraded libnghttp2 (1.40.0-1 -> 1.41.0-1)
[2020-06-11T14:40:51+0200] [ALPM] upgraded iproute2 (5.6.0-1 -> 5.7.0-1)
[2020-06-11T14:40:51+0200] [ALPM] upgraded lcms2 (2.10-1 -> 2.10-2)
[2020-06-11T14:40:51+0200] [ALPM] upgraded libyaml (0.2.4-1 -> 0.2.5-1)
[2020-06-11T14:40:52+0200] [ALPM] upgraded systemd (245.6-1 -> 245.6-4)
[2020-06-11T14:40:54+0200] [ALPM] upgraded linux-lts (5.4.43-1 -> 5.4.45-1)
[2020-06-11T14:40:54+0200] [ALPM] warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
[2020-06-11T14:40:54+0200] [ALPM] upgraded pacman-mirrorlist (20200411-1 -> 20200606-1)
[2020-06-11T14:40:54+0200] [ALPM] upgraded pciutils (3.6.4-1 -> 3.7.0-1)
[2020-06-11T14:40:55+0200] [ALPM] upgraded python-phonenumbers (8.12.4-1 -> 8.12.5-1)
[2020-06-11T14:40:55+0200] [ALPM] upgraded python-sortedcontainers (2.1.0-4 -> 2.2.2-1)
[2020-06-11T14:40:55+0200] [ALPM] upgraded runc (1.0.0rc10-2 -> 1.0.0rc90-1)
[2020-06-11T14:40:55+0200] [ALPM] upgraded systemd-sysvcompat (245.6-1 -> 245.6-4)
[2020-06-11T14:40:55+0200] [ALPM] transaction completed
[2020-06-11T14:40:55+0200] [ALPM] running '20-systemd-sysusers.hook'...
[2020-06-11T14:40:55+0200] [ALPM] running '30-systemd-catalog.hook'...
[2020-06-11T14:40:55+0200] [ALPM] running '30-systemd-daemon-reload.hook'...
[2020-06-11T14:40:55+0200] [ALPM] running '30-systemd-hwdb.hook'...
[2020-06-11T14:40:56+0200] [ALPM] running '30-systemd-sysctl.hook'...     ###At this point the existing SSH session freezes
[2020-06-11T14:40:56+0200] [ALPM] running '30-systemd-tmpfiles.hook'...
[2020-06-11T14:40:56+0200] [ALPM] running '30-systemd-udev-reload.hook'...
[2020-06-11T14:40:56+0200] [ALPM] running '30-systemd-update.hook'...
[2020-06-11T14:40:56+0200] [ALPM] running '60-depmod.hook'...
[2020-06-11T14:41:09+0200] [ALPM] running '90-mkinitcpio-install.hook'...
[2020-06-11T14:41:09+0200] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux-lts.preset: 'default'
[2020-06-11T14:41:09+0200] [ALPM-SCRIPTLET]   -> -k /boot/vmlinuz-linux-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-lts.img
[2020-06-11T14:41:09+0200] [ALPM-SCRIPTLET] ==> Starting build: 5.4.45-1-lts
[2020-06-11T14:41:09+0200] [ALPM-SCRIPTLET]   -> Running build hook: [base]
[2020-06-11T14:41:10+0200] [ALPM-SCRIPTLET]   -> Running build hook: [udev]
[2020-06-11T14:41:10+0200] [ALPM-SCRIPTLET]   -> Running build hook: [autodetect]
[2020-06-11T14:41:10+0200] [ALPM-SCRIPTLET]   -> Running build hook: [modconf]
[2020-06-11T14:41:10+0200] [ALPM-SCRIPTLET]   -> Running build hook: [block]
[2020-06-11T14:41:11+0200] [ALPM-SCRIPTLET]   -> Running build hook: [filesystems]
[2020-06-11T14:41:11+0200] [ALPM-SCRIPTLET]   -> Running build hook: [keyboard]
[2020-06-11T14:41:11+0200] [ALPM-SCRIPTLET]   -> Running build hook: [fsck]
[2020-06-11T14:41:12+0200] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2020-06-11T14:41:12+0200] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-lts.img
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET] ==> Image generation successful
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux-lts.preset: 'fallback'
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET]   -> -k /boot/vmlinuz-linux-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-lts-fallback.img -S autodetect
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET] ==> Starting build: 5.4.45-1-lts
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET]   -> Running build hook: [base]
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET]   -> Running build hook: [udev]
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET]   -> Running build hook: [modconf]
[2020-06-11T14:41:14+0200] [ALPM-SCRIPTLET]   -> Running build hook: [block]
[2020-06-11T14:41:15+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: qed
[2020-06-11T14:41:15+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: qla1280
[2020-06-11T14:41:15+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: cxgb3
[2020-06-11T14:41:15+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: cxgb4
[2020-06-11T14:41:16+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: wd719x
[2020-06-11T14:41:16+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: csiostor
[2020-06-11T14:41:16+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: bfa
[2020-06-11T14:41:16+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: isci
[2020-06-11T14:41:16+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: advansys
[2020-06-11T14:41:18+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
[2020-06-11T14:41:18+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: qla2xxx
[2020-06-11T14:41:18+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: ums_eneub6250
[2020-06-11T14:41:18+0200] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: smsmdtv
[2020-06-11T14:41:19+0200] [ALPM-SCRIPTLET]   -> Running build hook: [filesystems]
[2020-06-11T14:41:21+0200] [ALPM-SCRIPTLET]   -> Running build hook: [keyboard]
[2020-06-11T14:41:23+0200] [ALPM-SCRIPTLET]   -> Running build hook: [fsck]
[2020-06-11T14:41:27+0200] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2020-06-11T14:41:27+0200] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-lts-fallback.img
[2020-06-11T14:41:34+0200] [ALPM-SCRIPTLET] ==> Image generation successful
[2020-06-11T14:41:34+0200] [ALPM] running 'dbus-reload.hook'...
[2020-06-11T14:41:34+0200] [ALPM] running 'detect-old-perl-modules.hook'...

And yes this is a VPS, using KVM virtualization and installed from a template offered by the provider. Is the kernel provided by the virtualization environment or why do I not need it?
OpenSSL was not upgraded, and I do not have any partial upgrades

Offline

#6 2020-06-11 13:37:03

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,103

Re: [Partly solved] Kernel Upgrade prevents SSH connections

L12C wrote:

And yes this is a VPS, using KVM virtualization and installed from a template offered by the provider. Is the kernel provided by the virtualization environment or why do I not need it?

No, he was making a wild assumption that VPS = container.

Offline

#7 2020-06-11 13:45:57

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 2,426
Website

Re: [Partly solved] Kernel Upgrade prevents SSH connections

If I run the program behind the script behind the hook (jeeze), I get the following output:

Not setting net/ipv4/conf/all/rp_filter (explicit setting exists).
Not setting net/ipv4/conf/default/rp_filter (explicit setting exists).
Not setting net/ipv4/conf/all/accept_source_route (explicit setting exists).
Not setting net/ipv4/conf/default/accept_source_route (explicit setting exists).
Not setting net/ipv4/conf/all/promote_secondaries (explicit setting exists).
Not setting net/ipv4/conf/default/promote_secondaries (explicit setting exists).

So apparently the invoked /usr/lib/systemd/systemd-sysctl messes with some net/ipv4 settings.
It may screw up your routing and firewall settings, depending on what you have configured.
Can you provide the output of

sysctl net/ipv4

Before and after running /usr/lib/systemd/systemd-sysctl as root.

Last edited by schard (2020-06-11 13:47:15)


Inofficial first vice president of the Rust Evangelism Strike Force

Offline

#8 2020-06-11 13:59:23

L12C
Member
Registered: 2020-06-11
Posts: 5

Re: [Partly solved] Kernel Upgrade prevents SSH connections

The output of sysctl net/ipv4 before and after running /usr/lib/systemd/systemd-sysctl is exactly identical. Full output:

net.ipv4.cipso_cache_bucket_size = 10
net.ipv4.cipso_cache_enable = 1
net.ipv4.cipso_rbm_optfmt = 0
net.ipv4.cipso_rbm_strictvalid = 1
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bc_forwarding = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.drop_gratuitous_arp = 0
net.ipv4.conf.all.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.all.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.all.ignore_routes_with_linkdown = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.br-mailcow.accept_local = 0
net.ipv4.conf.br-mailcow.accept_redirects = 1
net.ipv4.conf.br-mailcow.accept_source_route = 0
net.ipv4.conf.br-mailcow.arp_accept = 0
net.ipv4.conf.br-mailcow.arp_announce = 0
net.ipv4.conf.br-mailcow.arp_filter = 0
net.ipv4.conf.br-mailcow.arp_ignore = 0
net.ipv4.conf.br-mailcow.arp_notify = 0
net.ipv4.conf.br-mailcow.bc_forwarding = 0
net.ipv4.conf.br-mailcow.bootp_relay = 0
net.ipv4.conf.br-mailcow.disable_policy = 0
net.ipv4.conf.br-mailcow.disable_xfrm = 0
net.ipv4.conf.br-mailcow.drop_gratuitous_arp = 0
net.ipv4.conf.br-mailcow.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.br-mailcow.force_igmp_version = 0
net.ipv4.conf.br-mailcow.forwarding = 1
net.ipv4.conf.br-mailcow.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.br-mailcow.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.br-mailcow.ignore_routes_with_linkdown = 0
net.ipv4.conf.br-mailcow.log_martians = 0
net.ipv4.conf.br-mailcow.mc_forwarding = 0
net.ipv4.conf.br-mailcow.medium_id = 0
net.ipv4.conf.br-mailcow.promote_secondaries = 1
net.ipv4.conf.br-mailcow.proxy_arp = 0
net.ipv4.conf.br-mailcow.proxy_arp_pvlan = 0
net.ipv4.conf.br-mailcow.route_localnet = 0
net.ipv4.conf.br-mailcow.rp_filter = 2
net.ipv4.conf.br-mailcow.secure_redirects = 1
net.ipv4.conf.br-mailcow.send_redirects = 1
net.ipv4.conf.br-mailcow.shared_media = 1
net.ipv4.conf.br-mailcow.src_valid_mark = 0
net.ipv4.conf.br-mailcow.tag = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bc_forwarding = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.drop_gratuitous_arp = 0
net.ipv4.conf.default.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.default.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.default.ignore_routes_with_linkdown = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.route_localnet = 0
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.docker0.accept_local = 0
net.ipv4.conf.docker0.accept_redirects = 1
net.ipv4.conf.docker0.accept_source_route = 0
net.ipv4.conf.docker0.arp_accept = 0
net.ipv4.conf.docker0.arp_announce = 0
net.ipv4.conf.docker0.arp_filter = 0
net.ipv4.conf.docker0.arp_ignore = 0
net.ipv4.conf.docker0.arp_notify = 0
net.ipv4.conf.docker0.bc_forwarding = 0
net.ipv4.conf.docker0.bootp_relay = 0
net.ipv4.conf.docker0.disable_policy = 0
net.ipv4.conf.docker0.disable_xfrm = 0
net.ipv4.conf.docker0.drop_gratuitous_arp = 0
net.ipv4.conf.docker0.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.docker0.force_igmp_version = 0
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.docker0.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.docker0.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.docker0.ignore_routes_with_linkdown = 0
net.ipv4.conf.docker0.log_martians = 0
net.ipv4.conf.docker0.mc_forwarding = 0
net.ipv4.conf.docker0.medium_id = 0
net.ipv4.conf.docker0.promote_secondaries = 1
net.ipv4.conf.docker0.proxy_arp = 0
net.ipv4.conf.docker0.proxy_arp_pvlan = 0
net.ipv4.conf.docker0.route_localnet = 0
net.ipv4.conf.docker0.rp_filter = 2
net.ipv4.conf.docker0.secure_redirects = 1
net.ipv4.conf.docker0.send_redirects = 1
net.ipv4.conf.docker0.shared_media = 1
net.ipv4.conf.docker0.src_valid_mark = 0
net.ipv4.conf.docker0.tag = 0
net.ipv4.conf.eth0.accept_local = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_notify = 0
net.ipv4.conf.eth0.bc_forwarding = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.drop_gratuitous_arp = 0
net.ipv4.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth0.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth0.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.promote_secondaries = 1
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.route_localnet = 0
net.ipv4.conf.eth0.rp_filter = 2
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.src_valid_mark = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bc_forwarding = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.drop_gratuitous_arp = 0
net.ipv4.conf.lo.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.lo.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.lo.ignore_routes_with_linkdown = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 1
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.route_localnet = 0
net.ipv4.conf.lo.rp_filter = 2
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.veth13beefe.accept_local = 0
net.ipv4.conf.veth13beefe.accept_redirects = 1
net.ipv4.conf.veth13beefe.accept_source_route = 0
net.ipv4.conf.veth13beefe.arp_accept = 0
net.ipv4.conf.veth13beefe.arp_announce = 0
net.ipv4.conf.veth13beefe.arp_filter = 0
net.ipv4.conf.veth13beefe.arp_ignore = 0
net.ipv4.conf.veth13beefe.arp_notify = 0
net.ipv4.conf.veth13beefe.bc_forwarding = 0
net.ipv4.conf.veth13beefe.bootp_relay = 0
net.ipv4.conf.veth13beefe.disable_policy = 0
net.ipv4.conf.veth13beefe.disable_xfrm = 0
net.ipv4.conf.veth13beefe.drop_gratuitous_arp = 0
net.ipv4.conf.veth13beefe.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth13beefe.force_igmp_version = 0
net.ipv4.conf.veth13beefe.forwarding = 1
net.ipv4.conf.veth13beefe.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth13beefe.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth13beefe.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth13beefe.log_martians = 0
net.ipv4.conf.veth13beefe.mc_forwarding = 0
net.ipv4.conf.veth13beefe.medium_id = 0
net.ipv4.conf.veth13beefe.promote_secondaries = 1
net.ipv4.conf.veth13beefe.proxy_arp = 0
net.ipv4.conf.veth13beefe.proxy_arp_pvlan = 0
net.ipv4.conf.veth13beefe.route_localnet = 0
net.ipv4.conf.veth13beefe.rp_filter = 2
net.ipv4.conf.veth13beefe.secure_redirects = 1
net.ipv4.conf.veth13beefe.send_redirects = 1
net.ipv4.conf.veth13beefe.shared_media = 1
net.ipv4.conf.veth13beefe.src_valid_mark = 0
net.ipv4.conf.veth13beefe.tag = 0
net.ipv4.conf.veth18a2a60.accept_local = 0
net.ipv4.conf.veth18a2a60.accept_redirects = 1
net.ipv4.conf.veth18a2a60.accept_source_route = 0
net.ipv4.conf.veth18a2a60.arp_accept = 0
net.ipv4.conf.veth18a2a60.arp_announce = 0
net.ipv4.conf.veth18a2a60.arp_filter = 0
net.ipv4.conf.veth18a2a60.arp_ignore = 0
net.ipv4.conf.veth18a2a60.arp_notify = 0
net.ipv4.conf.veth18a2a60.bc_forwarding = 0
net.ipv4.conf.veth18a2a60.bootp_relay = 0
net.ipv4.conf.veth18a2a60.disable_policy = 0
net.ipv4.conf.veth18a2a60.disable_xfrm = 0
net.ipv4.conf.veth18a2a60.drop_gratuitous_arp = 0
net.ipv4.conf.veth18a2a60.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth18a2a60.force_igmp_version = 0
net.ipv4.conf.veth18a2a60.forwarding = 1
net.ipv4.conf.veth18a2a60.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth18a2a60.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth18a2a60.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth18a2a60.log_martians = 0
net.ipv4.conf.veth18a2a60.mc_forwarding = 0
net.ipv4.conf.veth18a2a60.medium_id = 0
net.ipv4.conf.veth18a2a60.promote_secondaries = 1
net.ipv4.conf.veth18a2a60.proxy_arp = 0
net.ipv4.conf.veth18a2a60.proxy_arp_pvlan = 0
net.ipv4.conf.veth18a2a60.route_localnet = 0
net.ipv4.conf.veth18a2a60.rp_filter = 2
net.ipv4.conf.veth18a2a60.secure_redirects = 1
net.ipv4.conf.veth18a2a60.send_redirects = 1
net.ipv4.conf.veth18a2a60.shared_media = 1
net.ipv4.conf.veth18a2a60.src_valid_mark = 0
net.ipv4.conf.veth18a2a60.tag = 0
net.ipv4.conf.veth2d1d93d.accept_local = 0
net.ipv4.conf.veth2d1d93d.accept_redirects = 1
net.ipv4.conf.veth2d1d93d.accept_source_route = 0
net.ipv4.conf.veth2d1d93d.arp_accept = 0
net.ipv4.conf.veth2d1d93d.arp_announce = 0
net.ipv4.conf.veth2d1d93d.arp_filter = 0
net.ipv4.conf.veth2d1d93d.arp_ignore = 0
net.ipv4.conf.veth2d1d93d.arp_notify = 0
net.ipv4.conf.veth2d1d93d.bc_forwarding = 0
net.ipv4.conf.veth2d1d93d.bootp_relay = 0
net.ipv4.conf.veth2d1d93d.disable_policy = 0
net.ipv4.conf.veth2d1d93d.disable_xfrm = 0
net.ipv4.conf.veth2d1d93d.drop_gratuitous_arp = 0
net.ipv4.conf.veth2d1d93d.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth2d1d93d.force_igmp_version = 0
net.ipv4.conf.veth2d1d93d.forwarding = 1
net.ipv4.conf.veth2d1d93d.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth2d1d93d.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth2d1d93d.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth2d1d93d.log_martians = 0
net.ipv4.conf.veth2d1d93d.mc_forwarding = 0
net.ipv4.conf.veth2d1d93d.medium_id = 0
net.ipv4.conf.veth2d1d93d.promote_secondaries = 1
net.ipv4.conf.veth2d1d93d.proxy_arp = 0
net.ipv4.conf.veth2d1d93d.proxy_arp_pvlan = 0
net.ipv4.conf.veth2d1d93d.route_localnet = 0
net.ipv4.conf.veth2d1d93d.rp_filter = 2
net.ipv4.conf.veth2d1d93d.secure_redirects = 1
net.ipv4.conf.veth2d1d93d.send_redirects = 1
net.ipv4.conf.veth2d1d93d.shared_media = 1
net.ipv4.conf.veth2d1d93d.src_valid_mark = 0
net.ipv4.conf.veth2d1d93d.tag = 0
net.ipv4.conf.veth36aa875.accept_local = 0
net.ipv4.conf.veth36aa875.accept_redirects = 1
net.ipv4.conf.veth36aa875.accept_source_route = 0
net.ipv4.conf.veth36aa875.arp_accept = 0
net.ipv4.conf.veth36aa875.arp_announce = 0
net.ipv4.conf.veth36aa875.arp_filter = 0
net.ipv4.conf.veth36aa875.arp_ignore = 0
net.ipv4.conf.veth36aa875.arp_notify = 0
net.ipv4.conf.veth36aa875.bc_forwarding = 0
net.ipv4.conf.veth36aa875.bootp_relay = 0
net.ipv4.conf.veth36aa875.disable_policy = 0
net.ipv4.conf.veth36aa875.disable_xfrm = 0
net.ipv4.conf.veth36aa875.drop_gratuitous_arp = 0
net.ipv4.conf.veth36aa875.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth36aa875.force_igmp_version = 0
net.ipv4.conf.veth36aa875.forwarding = 1
net.ipv4.conf.veth36aa875.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth36aa875.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth36aa875.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth36aa875.log_martians = 0
net.ipv4.conf.veth36aa875.mc_forwarding = 0
net.ipv4.conf.veth36aa875.medium_id = 0
net.ipv4.conf.veth36aa875.promote_secondaries = 1
net.ipv4.conf.veth36aa875.proxy_arp = 0
net.ipv4.conf.veth36aa875.proxy_arp_pvlan = 0
net.ipv4.conf.veth36aa875.route_localnet = 0
net.ipv4.conf.veth36aa875.rp_filter = 2
net.ipv4.conf.veth36aa875.secure_redirects = 1
net.ipv4.conf.veth36aa875.send_redirects = 1
net.ipv4.conf.veth36aa875.shared_media = 1
net.ipv4.conf.veth36aa875.src_valid_mark = 0
net.ipv4.conf.veth36aa875.tag = 0
net.ipv4.conf.veth429707c.accept_local = 0
net.ipv4.conf.veth429707c.accept_redirects = 1
net.ipv4.conf.veth429707c.accept_source_route = 0
net.ipv4.conf.veth429707c.arp_accept = 0
net.ipv4.conf.veth429707c.arp_announce = 0
net.ipv4.conf.veth429707c.arp_filter = 0
net.ipv4.conf.veth429707c.arp_ignore = 0
net.ipv4.conf.veth429707c.arp_notify = 0
net.ipv4.conf.veth429707c.bc_forwarding = 0
net.ipv4.conf.veth429707c.bootp_relay = 0
net.ipv4.conf.veth429707c.disable_policy = 0
net.ipv4.conf.veth429707c.disable_xfrm = 0
net.ipv4.conf.veth429707c.drop_gratuitous_arp = 0
net.ipv4.conf.veth429707c.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth429707c.force_igmp_version = 0
net.ipv4.conf.veth429707c.forwarding = 1
net.ipv4.conf.veth429707c.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth429707c.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth429707c.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth429707c.log_martians = 0
net.ipv4.conf.veth429707c.mc_forwarding = 0
net.ipv4.conf.veth429707c.medium_id = 0
net.ipv4.conf.veth429707c.promote_secondaries = 1
net.ipv4.conf.veth429707c.proxy_arp = 0
net.ipv4.conf.veth429707c.proxy_arp_pvlan = 0
net.ipv4.conf.veth429707c.route_localnet = 0
net.ipv4.conf.veth429707c.rp_filter = 2
net.ipv4.conf.veth429707c.secure_redirects = 1
net.ipv4.conf.veth429707c.send_redirects = 1
net.ipv4.conf.veth429707c.shared_media = 1
net.ipv4.conf.veth429707c.src_valid_mark = 0
net.ipv4.conf.veth429707c.tag = 0
net.ipv4.conf.veth7012f68.accept_local = 0
net.ipv4.conf.veth7012f68.accept_redirects = 1
net.ipv4.conf.veth7012f68.accept_source_route = 0
net.ipv4.conf.veth7012f68.arp_accept = 0
net.ipv4.conf.veth7012f68.arp_announce = 0
net.ipv4.conf.veth7012f68.arp_filter = 0
net.ipv4.conf.veth7012f68.arp_ignore = 0
net.ipv4.conf.veth7012f68.arp_notify = 0
net.ipv4.conf.veth7012f68.bc_forwarding = 0
net.ipv4.conf.veth7012f68.bootp_relay = 0
net.ipv4.conf.veth7012f68.disable_policy = 0
net.ipv4.conf.veth7012f68.disable_xfrm = 0
net.ipv4.conf.veth7012f68.drop_gratuitous_arp = 0
net.ipv4.conf.veth7012f68.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth7012f68.force_igmp_version = 0
net.ipv4.conf.veth7012f68.forwarding = 1
net.ipv4.conf.veth7012f68.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth7012f68.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth7012f68.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth7012f68.log_martians = 0
net.ipv4.conf.veth7012f68.mc_forwarding = 0
net.ipv4.conf.veth7012f68.medium_id = 0
net.ipv4.conf.veth7012f68.promote_secondaries = 1
net.ipv4.conf.veth7012f68.proxy_arp = 0
net.ipv4.conf.veth7012f68.proxy_arp_pvlan = 0
net.ipv4.conf.veth7012f68.route_localnet = 0
net.ipv4.conf.veth7012f68.rp_filter = 2
net.ipv4.conf.veth7012f68.secure_redirects = 1
net.ipv4.conf.veth7012f68.send_redirects = 1
net.ipv4.conf.veth7012f68.shared_media = 1
net.ipv4.conf.veth7012f68.src_valid_mark = 0
net.ipv4.conf.veth7012f68.tag = 0
net.ipv4.conf.veth707ddff.accept_local = 0
net.ipv4.conf.veth707ddff.accept_redirects = 1
net.ipv4.conf.veth707ddff.accept_source_route = 0
net.ipv4.conf.veth707ddff.arp_accept = 0
net.ipv4.conf.veth707ddff.arp_announce = 0
net.ipv4.conf.veth707ddff.arp_filter = 0
net.ipv4.conf.veth707ddff.arp_ignore = 0
net.ipv4.conf.veth707ddff.arp_notify = 0
net.ipv4.conf.veth707ddff.bc_forwarding = 0
net.ipv4.conf.veth707ddff.bootp_relay = 0
net.ipv4.conf.veth707ddff.disable_policy = 0
net.ipv4.conf.veth707ddff.disable_xfrm = 0
net.ipv4.conf.veth707ddff.drop_gratuitous_arp = 0
net.ipv4.conf.veth707ddff.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth707ddff.force_igmp_version = 0
net.ipv4.conf.veth707ddff.forwarding = 1
net.ipv4.conf.veth707ddff.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth707ddff.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth707ddff.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth707ddff.log_martians = 0
net.ipv4.conf.veth707ddff.mc_forwarding = 0
net.ipv4.conf.veth707ddff.medium_id = 0
net.ipv4.conf.veth707ddff.promote_secondaries = 1
net.ipv4.conf.veth707ddff.proxy_arp = 0
net.ipv4.conf.veth707ddff.proxy_arp_pvlan = 0
net.ipv4.conf.veth707ddff.route_localnet = 0
net.ipv4.conf.veth707ddff.rp_filter = 2
net.ipv4.conf.veth707ddff.secure_redirects = 1
net.ipv4.conf.veth707ddff.send_redirects = 1
net.ipv4.conf.veth707ddff.shared_media = 1
net.ipv4.conf.veth707ddff.src_valid_mark = 0
net.ipv4.conf.veth707ddff.tag = 0
net.ipv4.conf.veth7bebd9e.accept_local = 0
net.ipv4.conf.veth7bebd9e.accept_redirects = 1
net.ipv4.conf.veth7bebd9e.accept_source_route = 0
net.ipv4.conf.veth7bebd9e.arp_accept = 0
net.ipv4.conf.veth7bebd9e.arp_announce = 0
net.ipv4.conf.veth7bebd9e.arp_filter = 0
net.ipv4.conf.veth7bebd9e.arp_ignore = 0
net.ipv4.conf.veth7bebd9e.arp_notify = 0
net.ipv4.conf.veth7bebd9e.bc_forwarding = 0
net.ipv4.conf.veth7bebd9e.bootp_relay = 0
net.ipv4.conf.veth7bebd9e.disable_policy = 0
net.ipv4.conf.veth7bebd9e.disable_xfrm = 0
net.ipv4.conf.veth7bebd9e.drop_gratuitous_arp = 0
net.ipv4.conf.veth7bebd9e.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth7bebd9e.force_igmp_version = 0
net.ipv4.conf.veth7bebd9e.forwarding = 1
net.ipv4.conf.veth7bebd9e.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth7bebd9e.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth7bebd9e.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth7bebd9e.log_martians = 0
net.ipv4.conf.veth7bebd9e.mc_forwarding = 0
net.ipv4.conf.veth7bebd9e.medium_id = 0
net.ipv4.conf.veth7bebd9e.promote_secondaries = 1
net.ipv4.conf.veth7bebd9e.proxy_arp = 0
net.ipv4.conf.veth7bebd9e.proxy_arp_pvlan = 0
net.ipv4.conf.veth7bebd9e.route_localnet = 0
net.ipv4.conf.veth7bebd9e.rp_filter = 2
net.ipv4.conf.veth7bebd9e.secure_redirects = 1
net.ipv4.conf.veth7bebd9e.send_redirects = 1
net.ipv4.conf.veth7bebd9e.shared_media = 1
net.ipv4.conf.veth7bebd9e.src_valid_mark = 0
net.ipv4.conf.veth7bebd9e.tag = 0
net.ipv4.conf.veth8215c13.accept_local = 0
net.ipv4.conf.veth8215c13.accept_redirects = 1
net.ipv4.conf.veth8215c13.accept_source_route = 0
net.ipv4.conf.veth8215c13.arp_accept = 0
net.ipv4.conf.veth8215c13.arp_announce = 0
net.ipv4.conf.veth8215c13.arp_filter = 0
net.ipv4.conf.veth8215c13.arp_ignore = 0
net.ipv4.conf.veth8215c13.arp_notify = 0
net.ipv4.conf.veth8215c13.bc_forwarding = 0
net.ipv4.conf.veth8215c13.bootp_relay = 0
net.ipv4.conf.veth8215c13.disable_policy = 0
net.ipv4.conf.veth8215c13.disable_xfrm = 0
net.ipv4.conf.veth8215c13.drop_gratuitous_arp = 0
net.ipv4.conf.veth8215c13.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth8215c13.force_igmp_version = 0
net.ipv4.conf.veth8215c13.forwarding = 1
net.ipv4.conf.veth8215c13.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth8215c13.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth8215c13.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth8215c13.log_martians = 0
net.ipv4.conf.veth8215c13.mc_forwarding = 0
net.ipv4.conf.veth8215c13.medium_id = 0
net.ipv4.conf.veth8215c13.promote_secondaries = 1
net.ipv4.conf.veth8215c13.proxy_arp = 0
net.ipv4.conf.veth8215c13.proxy_arp_pvlan = 0
net.ipv4.conf.veth8215c13.route_localnet = 0
net.ipv4.conf.veth8215c13.rp_filter = 2
net.ipv4.conf.veth8215c13.secure_redirects = 1
net.ipv4.conf.veth8215c13.send_redirects = 1
net.ipv4.conf.veth8215c13.shared_media = 1
net.ipv4.conf.veth8215c13.src_valid_mark = 0
net.ipv4.conf.veth8215c13.tag = 0
net.ipv4.conf.veth8561070.accept_local = 0
net.ipv4.conf.veth8561070.accept_redirects = 1
net.ipv4.conf.veth8561070.accept_source_route = 0
net.ipv4.conf.veth8561070.arp_accept = 0
net.ipv4.conf.veth8561070.arp_announce = 0
net.ipv4.conf.veth8561070.arp_filter = 0
net.ipv4.conf.veth8561070.arp_ignore = 0
net.ipv4.conf.veth8561070.arp_notify = 0
net.ipv4.conf.veth8561070.bc_forwarding = 0
net.ipv4.conf.veth8561070.bootp_relay = 0
net.ipv4.conf.veth8561070.disable_policy = 0
net.ipv4.conf.veth8561070.disable_xfrm = 0
net.ipv4.conf.veth8561070.drop_gratuitous_arp = 0
net.ipv4.conf.veth8561070.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth8561070.force_igmp_version = 0
net.ipv4.conf.veth8561070.forwarding = 1
net.ipv4.conf.veth8561070.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth8561070.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth8561070.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth8561070.log_martians = 0
net.ipv4.conf.veth8561070.mc_forwarding = 0
net.ipv4.conf.veth8561070.medium_id = 0
net.ipv4.conf.veth8561070.promote_secondaries = 1
net.ipv4.conf.veth8561070.proxy_arp = 0
net.ipv4.conf.veth8561070.proxy_arp_pvlan = 0
net.ipv4.conf.veth8561070.route_localnet = 0
net.ipv4.conf.veth8561070.rp_filter = 2
net.ipv4.conf.veth8561070.secure_redirects = 1
net.ipv4.conf.veth8561070.send_redirects = 1
net.ipv4.conf.veth8561070.shared_media = 1
net.ipv4.conf.veth8561070.src_valid_mark = 0
net.ipv4.conf.veth8561070.tag = 0
net.ipv4.conf.veth888556f.accept_local = 0
net.ipv4.conf.veth888556f.accept_redirects = 1
net.ipv4.conf.veth888556f.accept_source_route = 0
net.ipv4.conf.veth888556f.arp_accept = 0
net.ipv4.conf.veth888556f.arp_announce = 0
net.ipv4.conf.veth888556f.arp_filter = 0
net.ipv4.conf.veth888556f.arp_ignore = 0
net.ipv4.conf.veth888556f.arp_notify = 0
net.ipv4.conf.veth888556f.bc_forwarding = 0
net.ipv4.conf.veth888556f.bootp_relay = 0
net.ipv4.conf.veth888556f.disable_policy = 0
net.ipv4.conf.veth888556f.disable_xfrm = 0
net.ipv4.conf.veth888556f.drop_gratuitous_arp = 0
net.ipv4.conf.veth888556f.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.veth888556f.force_igmp_version = 0
net.ipv4.conf.veth888556f.forwarding = 1
net.ipv4.conf.veth888556f.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.veth888556f.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.veth888556f.ignore_routes_with_linkdown = 0
net.ipv4.conf.veth888556f.log_martians = 0
net.ipv4.conf.veth888556f.mc_forwarding = 0
net.ipv4.conf.veth888556f.medium_id = 0
net.ipv4.conf.veth888556f.promote_secondaries = 1
net.ipv4.conf.veth888556f.proxy_arp = 0
net.ipv4.conf.veth888556f.proxy_arp_pvlan = 0
net.ipv4.conf.veth888556f.route_localnet = 0
net.ipv4.conf.veth888556f.rp_filter = 2
net.ipv4.conf.veth888556f.secure_redirects = 1
net.ipv4.conf.veth888556f.send_redirects = 1
net.ipv4.conf.veth888556f.shared_media = 1
net.ipv4.conf.veth888556f.src_valid_mark = 0
net.ipv4.conf.veth888556f.tag = 0
net.ipv4.conf.vethb4953f2.accept_local = 0
net.ipv4.conf.vethb4953f2.accept_redirects = 1
net.ipv4.conf.vethb4953f2.accept_source_route = 0
net.ipv4.conf.vethb4953f2.arp_accept = 0
net.ipv4.conf.vethb4953f2.arp_announce = 0
net.ipv4.conf.vethb4953f2.arp_filter = 0
net.ipv4.conf.vethb4953f2.arp_ignore = 0
net.ipv4.conf.vethb4953f2.arp_notify = 0
net.ipv4.conf.vethb4953f2.bc_forwarding = 0
net.ipv4.conf.vethb4953f2.bootp_relay = 0
net.ipv4.conf.vethb4953f2.disable_policy = 0
net.ipv4.conf.vethb4953f2.disable_xfrm = 0
net.ipv4.conf.vethb4953f2.drop_gratuitous_arp = 0
net.ipv4.conf.vethb4953f2.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.vethb4953f2.force_igmp_version = 0
net.ipv4.conf.vethb4953f2.forwarding = 1
net.ipv4.conf.vethb4953f2.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.vethb4953f2.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.vethb4953f2.ignore_routes_with_linkdown = 0
net.ipv4.conf.vethb4953f2.log_martians = 0
net.ipv4.conf.vethb4953f2.mc_forwarding = 0
net.ipv4.conf.vethb4953f2.medium_id = 0
net.ipv4.conf.vethb4953f2.promote_secondaries = 1
net.ipv4.conf.vethb4953f2.proxy_arp = 0
net.ipv4.conf.vethb4953f2.proxy_arp_pvlan = 0
net.ipv4.conf.vethb4953f2.route_localnet = 0
net.ipv4.conf.vethb4953f2.rp_filter = 2
net.ipv4.conf.vethb4953f2.secure_redirects = 1
net.ipv4.conf.vethb4953f2.send_redirects = 1
net.ipv4.conf.vethb4953f2.shared_media = 1
net.ipv4.conf.vethb4953f2.src_valid_mark = 0
net.ipv4.conf.vethb4953f2.tag = 0
net.ipv4.conf.vethc36b865.accept_local = 0
net.ipv4.conf.vethc36b865.accept_redirects = 1
net.ipv4.conf.vethc36b865.accept_source_route = 0
net.ipv4.conf.vethc36b865.arp_accept = 0
net.ipv4.conf.vethc36b865.arp_announce = 0
net.ipv4.conf.vethc36b865.arp_filter = 0
net.ipv4.conf.vethc36b865.arp_ignore = 0
net.ipv4.conf.vethc36b865.arp_notify = 0
net.ipv4.conf.vethc36b865.bc_forwarding = 0
net.ipv4.conf.vethc36b865.bootp_relay = 0
net.ipv4.conf.vethc36b865.disable_policy = 0
net.ipv4.conf.vethc36b865.disable_xfrm = 0
net.ipv4.conf.vethc36b865.drop_gratuitous_arp = 0
net.ipv4.conf.vethc36b865.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.vethc36b865.force_igmp_version = 0
net.ipv4.conf.vethc36b865.forwarding = 1
net.ipv4.conf.vethc36b865.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.vethc36b865.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.vethc36b865.ignore_routes_with_linkdown = 0
net.ipv4.conf.vethc36b865.log_martians = 0
net.ipv4.conf.vethc36b865.mc_forwarding = 0
net.ipv4.conf.vethc36b865.medium_id = 0
net.ipv4.conf.vethc36b865.promote_secondaries = 1
net.ipv4.conf.vethc36b865.proxy_arp = 0
net.ipv4.conf.vethc36b865.proxy_arp_pvlan = 0
net.ipv4.conf.vethc36b865.route_localnet = 0
net.ipv4.conf.vethc36b865.rp_filter = 2
net.ipv4.conf.vethc36b865.secure_redirects = 1
net.ipv4.conf.vethc36b865.send_redirects = 1
net.ipv4.conf.vethc36b865.shared_media = 1
net.ipv4.conf.vethc36b865.src_valid_mark = 0
net.ipv4.conf.vethc36b865.tag = 0
net.ipv4.conf.vethdbd7715.accept_local = 0
net.ipv4.conf.vethdbd7715.accept_redirects = 1
net.ipv4.conf.vethdbd7715.accept_source_route = 0
net.ipv4.conf.vethdbd7715.arp_accept = 0
net.ipv4.conf.vethdbd7715.arp_announce = 0
net.ipv4.conf.vethdbd7715.arp_filter = 0
net.ipv4.conf.vethdbd7715.arp_ignore = 0
net.ipv4.conf.vethdbd7715.arp_notify = 0
net.ipv4.conf.vethdbd7715.bc_forwarding = 0
net.ipv4.conf.vethdbd7715.bootp_relay = 0
net.ipv4.conf.vethdbd7715.disable_policy = 0
net.ipv4.conf.vethdbd7715.disable_xfrm = 0
net.ipv4.conf.vethdbd7715.drop_gratuitous_arp = 0
net.ipv4.conf.vethdbd7715.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.vethdbd7715.force_igmp_version = 0
net.ipv4.conf.vethdbd7715.forwarding = 1
net.ipv4.conf.vethdbd7715.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.vethdbd7715.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.vethdbd7715.ignore_routes_with_linkdown = 0
net.ipv4.conf.vethdbd7715.log_martians = 0
net.ipv4.conf.vethdbd7715.mc_forwarding = 0
net.ipv4.conf.vethdbd7715.medium_id = 0
net.ipv4.conf.vethdbd7715.promote_secondaries = 1
net.ipv4.conf.vethdbd7715.proxy_arp = 0
net.ipv4.conf.vethdbd7715.proxy_arp_pvlan = 0
net.ipv4.conf.vethdbd7715.route_localnet = 0
net.ipv4.conf.vethdbd7715.rp_filter = 2
net.ipv4.conf.vethdbd7715.secure_redirects = 1
net.ipv4.conf.vethdbd7715.send_redirects = 1
net.ipv4.conf.vethdbd7715.shared_media = 1
net.ipv4.conf.vethdbd7715.src_valid_mark = 0
net.ipv4.conf.vethdbd7715.tag = 0
net.ipv4.conf.vethdf51417.accept_local = 0
net.ipv4.conf.vethdf51417.accept_redirects = 1
net.ipv4.conf.vethdf51417.accept_source_route = 0
net.ipv4.conf.vethdf51417.arp_accept = 0
net.ipv4.conf.vethdf51417.arp_announce = 0
net.ipv4.conf.vethdf51417.arp_filter = 0
net.ipv4.conf.vethdf51417.arp_ignore = 0
net.ipv4.conf.vethdf51417.arp_notify = 0
net.ipv4.conf.vethdf51417.bc_forwarding = 0
net.ipv4.conf.vethdf51417.bootp_relay = 0
net.ipv4.conf.vethdf51417.disable_policy = 0
net.ipv4.conf.vethdf51417.disable_xfrm = 0
net.ipv4.conf.vethdf51417.drop_gratuitous_arp = 0
net.ipv4.conf.vethdf51417.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.vethdf51417.force_igmp_version = 0
net.ipv4.conf.vethdf51417.forwarding = 1
net.ipv4.conf.vethdf51417.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.vethdf51417.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.vethdf51417.ignore_routes_with_linkdown = 0
net.ipv4.conf.vethdf51417.log_martians = 0
net.ipv4.conf.vethdf51417.mc_forwarding = 0
net.ipv4.conf.vethdf51417.medium_id = 0
net.ipv4.conf.vethdf51417.promote_secondaries = 1
net.ipv4.conf.vethdf51417.proxy_arp = 0
net.ipv4.conf.vethdf51417.proxy_arp_pvlan = 0
net.ipv4.conf.vethdf51417.route_localnet = 0
net.ipv4.conf.vethdf51417.rp_filter = 2
net.ipv4.conf.vethdf51417.secure_redirects = 1
net.ipv4.conf.vethdf51417.send_redirects = 1
net.ipv4.conf.vethdf51417.shared_media = 1
net.ipv4.conf.vethdf51417.src_valid_mark = 0
net.ipv4.conf.vethdf51417.tag = 0
net.ipv4.conf.vethf964699.accept_local = 0
net.ipv4.conf.vethf964699.accept_redirects = 1
net.ipv4.conf.vethf964699.accept_source_route = 0
net.ipv4.conf.vethf964699.arp_accept = 0
net.ipv4.conf.vethf964699.arp_announce = 0
net.ipv4.conf.vethf964699.arp_filter = 0
net.ipv4.conf.vethf964699.arp_ignore = 0
net.ipv4.conf.vethf964699.arp_notify = 0
net.ipv4.conf.vethf964699.bc_forwarding = 0
net.ipv4.conf.vethf964699.bootp_relay = 0
net.ipv4.conf.vethf964699.disable_policy = 0
net.ipv4.conf.vethf964699.disable_xfrm = 0
net.ipv4.conf.vethf964699.drop_gratuitous_arp = 0
net.ipv4.conf.vethf964699.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.vethf964699.force_igmp_version = 0
net.ipv4.conf.vethf964699.forwarding = 1
net.ipv4.conf.vethf964699.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.vethf964699.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.vethf964699.ignore_routes_with_linkdown = 0
net.ipv4.conf.vethf964699.log_martians = 0
net.ipv4.conf.vethf964699.mc_forwarding = 0
net.ipv4.conf.vethf964699.medium_id = 0
net.ipv4.conf.vethf964699.promote_secondaries = 1
net.ipv4.conf.vethf964699.proxy_arp = 0
net.ipv4.conf.vethf964699.proxy_arp_pvlan = 0
net.ipv4.conf.vethf964699.route_localnet = 0
net.ipv4.conf.vethf964699.rp_filter = 2
net.ipv4.conf.vethf964699.secure_redirects = 1
net.ipv4.conf.vethf964699.send_redirects = 1
net.ipv4.conf.vethf964699.shared_media = 1
net.ipv4.conf.vethf964699.src_valid_mark = 0
net.ipv4.conf.vethf964699.tag = 0
net.ipv4.fib_multipath_hash_policy = 0
net.ipv4.fib_multipath_use_neigh = 0
net.ipv4.fib_sync_mem = 524288
net.ipv4.fwmark_reflect = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_msgs_burst = 50
net.ipv4.icmp_msgs_per_sec = 1000
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_link_local_mcast_reports = 1
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.igmp_qrv = 2
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_dynaddr = 0
net.ipv4.ip_early_demux = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_local_port_range = 32768	60999
net.ipv4.ip_local_reserved_ports = 
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ip_unprivileged_port_start = 1024
net.ipv4.ipfrag_high_thresh = 4194304
net.ipv4.ipfrag_low_thresh = 3145728
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 0
net.ipv4.ipfrag_time = 30
net.ipv4.neigh.br-mailcow.anycast_delay = 100
net.ipv4.neigh.br-mailcow.app_solicit = 0
net.ipv4.neigh.br-mailcow.base_reachable_time_ms = 30000
net.ipv4.neigh.br-mailcow.delay_first_probe_time = 5
net.ipv4.neigh.br-mailcow.gc_stale_time = 60
net.ipv4.neigh.br-mailcow.locktime = 100
net.ipv4.neigh.br-mailcow.mcast_resolicit = 0
net.ipv4.neigh.br-mailcow.mcast_solicit = 3
net.ipv4.neigh.br-mailcow.proxy_delay = 80
net.ipv4.neigh.br-mailcow.proxy_qlen = 64
net.ipv4.neigh.br-mailcow.retrans_time_ms = 1000
net.ipv4.neigh.br-mailcow.ucast_solicit = 3
net.ipv4.neigh.br-mailcow.unres_qlen = 101
net.ipv4.neigh.br-mailcow.unres_qlen_bytes = 212992
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_resolicit = 0
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 101
net.ipv4.neigh.default.unres_qlen_bytes = 212992
net.ipv4.neigh.docker0.anycast_delay = 100
net.ipv4.neigh.docker0.app_solicit = 0
net.ipv4.neigh.docker0.base_reachable_time_ms = 30000
net.ipv4.neigh.docker0.delay_first_probe_time = 5
net.ipv4.neigh.docker0.gc_stale_time = 60
net.ipv4.neigh.docker0.locktime = 100
net.ipv4.neigh.docker0.mcast_resolicit = 0
net.ipv4.neigh.docker0.mcast_solicit = 3
net.ipv4.neigh.docker0.proxy_delay = 80
net.ipv4.neigh.docker0.proxy_qlen = 64
net.ipv4.neigh.docker0.retrans_time_ms = 1000
net.ipv4.neigh.docker0.ucast_solicit = 3
net.ipv4.neigh.docker0.unres_qlen = 101
net.ipv4.neigh.docker0.unres_qlen_bytes = 212992
net.ipv4.neigh.eth0.anycast_delay = 100
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.locktime = 100
net.ipv4.neigh.eth0.mcast_resolicit = 0
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.proxy_delay = 80
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.unres_qlen = 101
net.ipv4.neigh.eth0.unres_qlen_bytes = 212992
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_resolicit = 0
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 101
net.ipv4.neigh.lo.unres_qlen_bytes = 212992
net.ipv4.neigh.veth13beefe.anycast_delay = 100
net.ipv4.neigh.veth13beefe.app_solicit = 0
net.ipv4.neigh.veth13beefe.base_reachable_time_ms = 30000
net.ipv4.neigh.veth13beefe.delay_first_probe_time = 5
net.ipv4.neigh.veth13beefe.gc_stale_time = 60
net.ipv4.neigh.veth13beefe.locktime = 100
net.ipv4.neigh.veth13beefe.mcast_resolicit = 0
net.ipv4.neigh.veth13beefe.mcast_solicit = 3
net.ipv4.neigh.veth13beefe.proxy_delay = 80
net.ipv4.neigh.veth13beefe.proxy_qlen = 64
net.ipv4.neigh.veth13beefe.retrans_time_ms = 1000
net.ipv4.neigh.veth13beefe.ucast_solicit = 3
net.ipv4.neigh.veth13beefe.unres_qlen = 101
net.ipv4.neigh.veth13beefe.unres_qlen_bytes = 212992
net.ipv4.neigh.veth18a2a60.anycast_delay = 100
net.ipv4.neigh.veth18a2a60.app_solicit = 0
net.ipv4.neigh.veth18a2a60.base_reachable_time_ms = 30000
net.ipv4.neigh.veth18a2a60.delay_first_probe_time = 5
net.ipv4.neigh.veth18a2a60.gc_stale_time = 60
net.ipv4.neigh.veth18a2a60.locktime = 100
net.ipv4.neigh.veth18a2a60.mcast_resolicit = 0
net.ipv4.neigh.veth18a2a60.mcast_solicit = 3
net.ipv4.neigh.veth18a2a60.proxy_delay = 80
net.ipv4.neigh.veth18a2a60.proxy_qlen = 64
net.ipv4.neigh.veth18a2a60.retrans_time_ms = 1000
net.ipv4.neigh.veth18a2a60.ucast_solicit = 3
net.ipv4.neigh.veth18a2a60.unres_qlen = 101
net.ipv4.neigh.veth18a2a60.unres_qlen_bytes = 212992
net.ipv4.neigh.veth2d1d93d.anycast_delay = 100
net.ipv4.neigh.veth2d1d93d.app_solicit = 0
net.ipv4.neigh.veth2d1d93d.base_reachable_time_ms = 30000
net.ipv4.neigh.veth2d1d93d.delay_first_probe_time = 5
net.ipv4.neigh.veth2d1d93d.gc_stale_time = 60
net.ipv4.neigh.veth2d1d93d.locktime = 100
net.ipv4.neigh.veth2d1d93d.mcast_resolicit = 0
net.ipv4.neigh.veth2d1d93d.mcast_solicit = 3
net.ipv4.neigh.veth2d1d93d.proxy_delay = 80
net.ipv4.neigh.veth2d1d93d.proxy_qlen = 64
net.ipv4.neigh.veth2d1d93d.retrans_time_ms = 1000
net.ipv4.neigh.veth2d1d93d.ucast_solicit = 3
net.ipv4.neigh.veth2d1d93d.unres_qlen = 101
net.ipv4.neigh.veth2d1d93d.unres_qlen_bytes = 212992
net.ipv4.neigh.veth36aa875.anycast_delay = 100
net.ipv4.neigh.veth36aa875.app_solicit = 0
net.ipv4.neigh.veth36aa875.base_reachable_time_ms = 30000
net.ipv4.neigh.veth36aa875.delay_first_probe_time = 5
net.ipv4.neigh.veth36aa875.gc_stale_time = 60
net.ipv4.neigh.veth36aa875.locktime = 100
net.ipv4.neigh.veth36aa875.mcast_resolicit = 0
net.ipv4.neigh.veth36aa875.mcast_solicit = 3
net.ipv4.neigh.veth36aa875.proxy_delay = 80
net.ipv4.neigh.veth36aa875.proxy_qlen = 64
net.ipv4.neigh.veth36aa875.retrans_time_ms = 1000
net.ipv4.neigh.veth36aa875.ucast_solicit = 3
net.ipv4.neigh.veth36aa875.unres_qlen = 101
net.ipv4.neigh.veth36aa875.unres_qlen_bytes = 212992
net.ipv4.neigh.veth429707c.anycast_delay = 100
net.ipv4.neigh.veth429707c.app_solicit = 0
net.ipv4.neigh.veth429707c.base_reachable_time_ms = 30000
net.ipv4.neigh.veth429707c.delay_first_probe_time = 5
net.ipv4.neigh.veth429707c.gc_stale_time = 60
net.ipv4.neigh.veth429707c.locktime = 100
net.ipv4.neigh.veth429707c.mcast_resolicit = 0
net.ipv4.neigh.veth429707c.mcast_solicit = 3
net.ipv4.neigh.veth429707c.proxy_delay = 80
net.ipv4.neigh.veth429707c.proxy_qlen = 64
net.ipv4.neigh.veth429707c.retrans_time_ms = 1000
net.ipv4.neigh.veth429707c.ucast_solicit = 3
net.ipv4.neigh.veth429707c.unres_qlen = 101
net.ipv4.neigh.veth429707c.unres_qlen_bytes = 212992
net.ipv4.neigh.veth7012f68.anycast_delay = 100
net.ipv4.neigh.veth7012f68.app_solicit = 0
net.ipv4.neigh.veth7012f68.base_reachable_time_ms = 30000
net.ipv4.neigh.veth7012f68.delay_first_probe_time = 5
net.ipv4.neigh.veth7012f68.gc_stale_time = 60
net.ipv4.neigh.veth7012f68.locktime = 100
net.ipv4.neigh.veth7012f68.mcast_resolicit = 0
net.ipv4.neigh.veth7012f68.mcast_solicit = 3
net.ipv4.neigh.veth7012f68.proxy_delay = 80
net.ipv4.neigh.veth7012f68.proxy_qlen = 64
net.ipv4.neigh.veth7012f68.retrans_time_ms = 1000
net.ipv4.neigh.veth7012f68.ucast_solicit = 3
net.ipv4.neigh.veth7012f68.unres_qlen = 101
net.ipv4.neigh.veth7012f68.unres_qlen_bytes = 212992
net.ipv4.neigh.veth707ddff.anycast_delay = 100
net.ipv4.neigh.veth707ddff.app_solicit = 0
net.ipv4.neigh.veth707ddff.base_reachable_time_ms = 30000
net.ipv4.neigh.veth707ddff.delay_first_probe_time = 5
net.ipv4.neigh.veth707ddff.gc_stale_time = 60
net.ipv4.neigh.veth707ddff.locktime = 100
net.ipv4.neigh.veth707ddff.mcast_resolicit = 0
net.ipv4.neigh.veth707ddff.mcast_solicit = 3
net.ipv4.neigh.veth707ddff.proxy_delay = 80
net.ipv4.neigh.veth707ddff.proxy_qlen = 64
net.ipv4.neigh.veth707ddff.retrans_time_ms = 1000
net.ipv4.neigh.veth707ddff.ucast_solicit = 3
net.ipv4.neigh.veth707ddff.unres_qlen = 101
net.ipv4.neigh.veth707ddff.unres_qlen_bytes = 212992
net.ipv4.neigh.veth7bebd9e.anycast_delay = 100
net.ipv4.neigh.veth7bebd9e.app_solicit = 0
net.ipv4.neigh.veth7bebd9e.base_reachable_time_ms = 30000
net.ipv4.neigh.veth7bebd9e.delay_first_probe_time = 5
net.ipv4.neigh.veth7bebd9e.gc_stale_time = 60
net.ipv4.neigh.veth7bebd9e.locktime = 100
net.ipv4.neigh.veth7bebd9e.mcast_resolicit = 0
net.ipv4.neigh.veth7bebd9e.mcast_solicit = 3
net.ipv4.neigh.veth7bebd9e.proxy_delay = 80
net.ipv4.neigh.veth7bebd9e.proxy_qlen = 64
net.ipv4.neigh.veth7bebd9e.retrans_time_ms = 1000
net.ipv4.neigh.veth7bebd9e.ucast_solicit = 3
net.ipv4.neigh.veth7bebd9e.unres_qlen = 101
net.ipv4.neigh.veth7bebd9e.unres_qlen_bytes = 212992
net.ipv4.neigh.veth8215c13.anycast_delay = 100
net.ipv4.neigh.veth8215c13.app_solicit = 0
net.ipv4.neigh.veth8215c13.base_reachable_time_ms = 30000
net.ipv4.neigh.veth8215c13.delay_first_probe_time = 5
net.ipv4.neigh.veth8215c13.gc_stale_time = 60
net.ipv4.neigh.veth8215c13.locktime = 100
net.ipv4.neigh.veth8215c13.mcast_resolicit = 0
net.ipv4.neigh.veth8215c13.mcast_solicit = 3
net.ipv4.neigh.veth8215c13.proxy_delay = 80
net.ipv4.neigh.veth8215c13.proxy_qlen = 64
net.ipv4.neigh.veth8215c13.retrans_time_ms = 1000
net.ipv4.neigh.veth8215c13.ucast_solicit = 3
net.ipv4.neigh.veth8215c13.unres_qlen = 101
net.ipv4.neigh.veth8215c13.unres_qlen_bytes = 212992
net.ipv4.neigh.veth8561070.anycast_delay = 100
net.ipv4.neigh.veth8561070.app_solicit = 0
net.ipv4.neigh.veth8561070.base_reachable_time_ms = 30000
net.ipv4.neigh.veth8561070.delay_first_probe_time = 5
net.ipv4.neigh.veth8561070.gc_stale_time = 60
net.ipv4.neigh.veth8561070.locktime = 100
net.ipv4.neigh.veth8561070.mcast_resolicit = 0
net.ipv4.neigh.veth8561070.mcast_solicit = 3
net.ipv4.neigh.veth8561070.proxy_delay = 80
net.ipv4.neigh.veth8561070.proxy_qlen = 64
net.ipv4.neigh.veth8561070.retrans_time_ms = 1000
net.ipv4.neigh.veth8561070.ucast_solicit = 3
net.ipv4.neigh.veth8561070.unres_qlen = 101
net.ipv4.neigh.veth8561070.unres_qlen_bytes = 212992
net.ipv4.neigh.veth888556f.anycast_delay = 100
net.ipv4.neigh.veth888556f.app_solicit = 0
net.ipv4.neigh.veth888556f.base_reachable_time_ms = 30000
net.ipv4.neigh.veth888556f.delay_first_probe_time = 5
net.ipv4.neigh.veth888556f.gc_stale_time = 60
net.ipv4.neigh.veth888556f.locktime = 100
net.ipv4.neigh.veth888556f.mcast_resolicit = 0
net.ipv4.neigh.veth888556f.mcast_solicit = 3
net.ipv4.neigh.veth888556f.proxy_delay = 80
net.ipv4.neigh.veth888556f.proxy_qlen = 64
net.ipv4.neigh.veth888556f.retrans_time_ms = 1000
net.ipv4.neigh.veth888556f.ucast_solicit = 3
net.ipv4.neigh.veth888556f.unres_qlen = 101
net.ipv4.neigh.veth888556f.unres_qlen_bytes = 212992
net.ipv4.neigh.vethb4953f2.anycast_delay = 100
net.ipv4.neigh.vethb4953f2.app_solicit = 0
net.ipv4.neigh.vethb4953f2.base_reachable_time_ms = 30000
net.ipv4.neigh.vethb4953f2.delay_first_probe_time = 5
net.ipv4.neigh.vethb4953f2.gc_stale_time = 60
net.ipv4.neigh.vethb4953f2.locktime = 100
net.ipv4.neigh.vethb4953f2.mcast_resolicit = 0
net.ipv4.neigh.vethb4953f2.mcast_solicit = 3
net.ipv4.neigh.vethb4953f2.proxy_delay = 80
net.ipv4.neigh.vethb4953f2.proxy_qlen = 64
net.ipv4.neigh.vethb4953f2.retrans_time_ms = 1000
net.ipv4.neigh.vethb4953f2.ucast_solicit = 3
net.ipv4.neigh.vethb4953f2.unres_qlen = 101
net.ipv4.neigh.vethb4953f2.unres_qlen_bytes = 212992
net.ipv4.neigh.vethc36b865.anycast_delay = 100
net.ipv4.neigh.vethc36b865.app_solicit = 0
net.ipv4.neigh.vethc36b865.base_reachable_time_ms = 30000
net.ipv4.neigh.vethc36b865.delay_first_probe_time = 5
net.ipv4.neigh.vethc36b865.gc_stale_time = 60
net.ipv4.neigh.vethc36b865.locktime = 100
net.ipv4.neigh.vethc36b865.mcast_resolicit = 0
net.ipv4.neigh.vethc36b865.mcast_solicit = 3
net.ipv4.neigh.vethc36b865.proxy_delay = 80
net.ipv4.neigh.vethc36b865.proxy_qlen = 64
net.ipv4.neigh.vethc36b865.retrans_time_ms = 1000
net.ipv4.neigh.vethc36b865.ucast_solicit = 3
net.ipv4.neigh.vethc36b865.unres_qlen = 101
net.ipv4.neigh.vethc36b865.unres_qlen_bytes = 212992
net.ipv4.neigh.vethdbd7715.anycast_delay = 100
net.ipv4.neigh.vethdbd7715.app_solicit = 0
net.ipv4.neigh.vethdbd7715.base_reachable_time_ms = 30000
net.ipv4.neigh.vethdbd7715.delay_first_probe_time = 5
net.ipv4.neigh.vethdbd7715.gc_stale_time = 60
net.ipv4.neigh.vethdbd7715.locktime = 100
net.ipv4.neigh.vethdbd7715.mcast_resolicit = 0
net.ipv4.neigh.vethdbd7715.mcast_solicit = 3
net.ipv4.neigh.vethdbd7715.proxy_delay = 80
net.ipv4.neigh.vethdbd7715.proxy_qlen = 64
net.ipv4.neigh.vethdbd7715.retrans_time_ms = 1000
net.ipv4.neigh.vethdbd7715.ucast_solicit = 3
net.ipv4.neigh.vethdbd7715.unres_qlen = 101
net.ipv4.neigh.vethdbd7715.unres_qlen_bytes = 212992
net.ipv4.neigh.vethdf51417.anycast_delay = 100
net.ipv4.neigh.vethdf51417.app_solicit = 0
net.ipv4.neigh.vethdf51417.base_reachable_time_ms = 30000
net.ipv4.neigh.vethdf51417.delay_first_probe_time = 5
net.ipv4.neigh.vethdf51417.gc_stale_time = 60
net.ipv4.neigh.vethdf51417.locktime = 100
net.ipv4.neigh.vethdf51417.mcast_resolicit = 0
net.ipv4.neigh.vethdf51417.mcast_solicit = 3
net.ipv4.neigh.vethdf51417.proxy_delay = 80
net.ipv4.neigh.vethdf51417.proxy_qlen = 64
net.ipv4.neigh.vethdf51417.retrans_time_ms = 1000
net.ipv4.neigh.vethdf51417.ucast_solicit = 3
net.ipv4.neigh.vethdf51417.unres_qlen = 101
net.ipv4.neigh.vethdf51417.unres_qlen_bytes = 212992
net.ipv4.neigh.vethf964699.anycast_delay = 100
net.ipv4.neigh.vethf964699.app_solicit = 0
net.ipv4.neigh.vethf964699.base_reachable_time_ms = 30000
net.ipv4.neigh.vethf964699.delay_first_probe_time = 5
net.ipv4.neigh.vethf964699.gc_stale_time = 60
net.ipv4.neigh.vethf964699.locktime = 100
net.ipv4.neigh.vethf964699.mcast_resolicit = 0
net.ipv4.neigh.vethf964699.mcast_solicit = 3
net.ipv4.neigh.vethf964699.proxy_delay = 80
net.ipv4.neigh.vethf964699.proxy_qlen = 64
net.ipv4.neigh.vethf964699.retrans_time_ms = 1000
net.ipv4.neigh.vethf964699.ucast_solicit = 3
net.ipv4.neigh.vethf964699.unres_qlen = 101
net.ipv4.neigh.vethf964699.unres_qlen_bytes = 212992
net.ipv4.ping_group_range = 0	2147483647
net.ipv4.raw_l3mdev_accept = 1
net.ipv4.route.error_burst = 500
net.ipv4.route.error_cost = 100
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = -1
net.ipv4.route.gc_timeout = 300
net.ipv4.route.max_size = 2147483647
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.redirect_load = 2
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 2048
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_allowed_congestion_control = reno cubic
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_autocorking = 1
net.ipv4.tcp_available_congestion_control = reno cubic
net.ipv4.tcp_available_ulp = 
net.ipv4.tcp_base_mss = 1024
net.ipv4.tcp_challenge_ack_limit = 1000
net.ipv4.tcp_comp_sack_delay_ns = 1000000
net.ipv4.tcp_comp_sack_nr = 44
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_early_demux = 1
net.ipv4.tcp_early_retrans = 3
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_ecn_fallback = 1
net.ipv4.tcp_fack = 0
net.ipv4.tcp_fastopen = 1
net.ipv4.tcp_fastopen_blackhole_timeout_sec = 3600
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_frto = 2
net.ipv4.tcp_fwmark_accept = 0
net.ipv4.tcp_invalid_ratelimit = 500
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_l3mdev_accept = 0
net.ipv4.tcp_limit_output_bytes = 1048576
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_reordering = 300
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.tcp_max_tw_buckets = 32768
net.ipv4.tcp_mem = 94194	125595	188388
net.ipv4.tcp_min_rtt_wlen = 300
net.ipv4.tcp_min_snd_mss = 48
net.ipv4.tcp_min_tso_segs = 2
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_mtu_probe_floor = 48
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_notsent_lowat = 4294967295
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_pacing_ca_ratio = 120
net.ipv4.tcp_pacing_ss_ratio = 200
net.ipv4.tcp_probe_interval = 600
net.ipv4.tcp_probe_threshold = 8
net.ipv4.tcp_recovery = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_rmem = 4096	131072	6291456
net.ipv4.tcp_rx_skb_cache = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_tw_reuse = 2
net.ipv4.tcp_tx_skb_cache = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096	16384	4194304
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.udp_early_demux = 1
net.ipv4.udp_l3mdev_accept = 0
net.ipv4.udp_mem = 188391	251191	376782
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
net.ipv4.xfrm4_gc_thresh = 32768

/usr/lib/systemd/systemd-sysctl outputs the same "Not setting..." messages you have posted

Since you mentioned firewall I went ahead and checked the output of iptables -S and it is exactly what it should be, pasted below in case it provides any useful information

-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N MAILCOW
-A INPUT -j MAILCOW
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j MAILCOW
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-mailcow -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-mailcow -j DOCKER
-A FORWARD -i br-mailcow ! -o br-mailcow -j ACCEPT
-A FORWARD -i br-mailcow -o br-mailcow -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A DOCKER -d 172.22.1.5/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 587 -j ACCEPT
-A DOCKER -d 172.22.1.5/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 465 -j ACCEPT
-A DOCKER -d 172.22.1.6/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 20012 -j ACCEPT
-A DOCKER -d 172.22.1.5/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 25 -j ACCEPT
-A DOCKER -d 172.22.1.6/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 20011 -j ACCEPT
-A DOCKER -d 172.22.1.249/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 6379 -j ACCEPT
-A DOCKER -d 172.22.1.11/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 3306 -j ACCEPT
-A DOCKER -d 172.22.1.13/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 8983 -j ACCEPT
-A DOCKER -d 172.22.1.250/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 12345 -j ACCEPT
-A DOCKER -d 172.22.1.250/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 4190 -j ACCEPT
-A DOCKER -d 172.22.1.250/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 995 -j ACCEPT
-A DOCKER -d 172.22.1.250/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 993 -j ACCEPT
-A DOCKER -d 172.22.1.250/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 143 -j ACCEPT
-A DOCKER -d 172.22.1.250/32 ! -i br-mailcow -o br-mailcow -p tcp -m tcp --dport 110 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-mailcow ! -o br-mailcow -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-mailcow -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

Offline

#9 2020-06-11 14:26:06

L12C
Member
Registered: 2020-06-11
Posts: 5

Re: [Partly solved] Kernel Upgrade prevents SSH connections

Actually, disregard the output from systemctl status sshd except for the fact that sshd is still running, I have just realized that that was NOT my IP adress and likely an intrusion attempt. I have checked the logs again and they don't actually seem to contain any mention of my session being dropped, neither of any new connection attempts I make. They do however contain ever new connection attempts by that same rogue IP, so some connections are apparently routed through to sshd

Offline

#10 2020-06-11 15:21:55

L12C
Member
Registered: 2020-06-11
Posts: 5

Re: [Partly solved] Kernel Upgrade prevents SSH connections

Alright, the logs brought me to another idea: IPv4 vs IPv6. From ip6tables -S it seems that incoming IPv6 connections are dropped, except those for Docker containers. That is not what should happen. I did not notice this problem since all services I use on that machine except SSH seem to automatically downgrade to IPv4 if IPv6 connection fails.

Should I mark this solved or does anyone feel like finding out WHY kernel upgrades cause IPv6 connections to be dropped, since this isn't really expected behavior, and could be both misconfiguration on my part or a bug.

Offline

#11 2020-06-15 19:00:49

loqs
Member
Registered: 2014-03-06
Posts: 18,633

Re: [Partly solved] Kernel Upgrade prevents SSH connections

Can you reproduce the issue by just reinstalling the kernel package?

Offline

Board footer

Powered by FluxBB