LinuxSecurity.com: Network Security with /proc/sys/net/ipv4

"Perhaps one of the more frequently neglected areas of firewall configuration involves the /proc filesystem. The pseudo file structure within proc allows you to interface with the internal data structures in the kernel, either obtaining information about the system or changing specific settings. Some of the parts of /proc are read-only, while others can be modified. It is often referred to as a virtual filesystem in that it doesn't take up any actual hard drive space; files are created only on demand when you access them. In this article, we will be focusing specifically on /proc/sys/net/ipv4.

In order to benefit from the use of the /proc filesystem, you'll need to enable two settings when building your kernel. CONFIG_PROC_FS is the setting that allows you to access and view the /proc filesystem, and CONFIG_SYSCTL is the bit that actually allows you to modify /proc entries without requiring a reboot of the system or a recompile of the kernel. Settings are only available at boot time after the /proc file system has been mounted."

Complete Story

Related Stories:

• BinaryFreedom.com: Kernel Internals, Part I; Accessing [UNIX] Kernel Internals; /proc and kvm(Jan 20, 2001)
• Linux.com: Using the /proc Filesystem(Jan 13, 2001)
• FreeOS.com: Exploring /proc(Dec 16, 2000)
• O'Reilly Network: Exploring the /proc/net/ Directory(Nov 23, 2000)
• Linuxcare: Dear Lina: Playing In /proc(Nov 30, 1999)
• UNIX & LINUX Computing Journal: Tuning the Filesystem via Proc(Oct 01, 1999)