core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

Make type editable in tunables

Open obkgroove21 opened this issue 1 month ago • 10 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

At the moment, all changes made in tunables are automatically added to /boot/loader.conf, even if the change is for /etc/sysctl.conf It is not possible to change the type to sysctl in order the entry to be applied to the correct config.

Describe the solution you like

The type should be editable in the GUI to determine what entry belongs to the suitable confog.

Describe alternatives you considered

Temporarily manual added change fpr /etc/sysctl.conf to /usr/local/etc/sysctl.conf gesetzt and then applied with sysctl -f /usr/local/etc/sysctl.conf

Additional context

Add any other context or screenshots about the feature request here or links to relevant forum thread or similar

Image

obkgroove21 avatar Nov 16 '25 15:11 obkgroove21

The type is not meant to steer the tunable. It is merely a reflection of what the OS thinks it may be. Most tunables work in loader.conf and sysctl.conf anyway. A lot of special exceptions apply for various reasons intransparent to the user (hidden in OS code, especially environment variables for the boot loader).

Cheers, Franco

fichtner avatar Nov 16 '25 15:11 fichtner

Hello Franco,

how can I achieve, that configs for /etc/sysctl.conf set in tunables are applied correctly?

See also: https://forum.opnsense.org/index.php?topic=49769.0

Cheers

obkgroove21 avatar Nov 16 '25 15:11 obkgroove21

We do not use /etc/sysctl.conf. All the tunables in the GUI are applied as sysctls during runtime though so I don't understand the issue except that we do not populate that file or use it for loading user syctls (because then these are not backed up in the config.xml).

Cheers, Franco

fichtner avatar Nov 16 '25 16:11 fichtner

The problem is:

When I add something for sysctl

net.inet.ip.portrange.reservedlow=0 net.inet.ip.portrange.reservedhigh=0 security.mac.portacl.port_high=1023 security.mac.portacl.suser_exempt=1 security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53

it is added to /boot/loader.conf after applying in the GUI.

obkgroove21 avatar Nov 19 '25 10:11 obkgroove21

@fichtner : Am I wrong or did I misunderstand something?

obkgroove21 avatar Nov 25 '25 12:11 obkgroove21

https://docs.opnsense.org/manual/settingsmenu.html#tunables ?

AdSchellevis avatar Nov 25 '25 12:11 AdSchellevis

Hello at @AdSchellevis ,

maybe you can have a look at: https://forum.opnsense.org/index.php?topic=49769.msg252809#msg252809

I think everything is described there.

Thank you!

Greetings!

obkgroove21 avatar Nov 25 '25 12:11 obkgroove21

Close then?

fichtner avatar Nov 25 '25 13:11 fichtner

My question was, if it is correct, that variables for sysctl.conf are applied into loader.conf as described in Post #1 in https://forum.opnsense.org/index.php?topic=49769 ?

obkgroove21 avatar Nov 25 '25 13:11 obkgroove21

I'll try one more time: we do not use sysctl.conf -- we directly apply tunables with sysctl to the kernel.

Cheers, Franco

fichtner avatar Nov 25 '25 13:11 fichtner