> In a recent thread, someone pointed to /boot/config-xxxx as the source > where info about the configs compiled into the kernel can be found. yes > However, in my new potato installation there is no such file. ooops ... i verified it ... there is in fact no such file. i guess, you have to install the kernel-package explicitly. > What I want to know is whether the kernel is compiled with IP: always > defragment set to Y (as discussed in the ipchains HOWTO). no - because there is no such option any more.
> I see that in /proc/sys/net/ipv4 there are files that look like > individual config files; ip_always_defrag is currently 0. > > Has potato moved some of these configs out to runtime, so that you can > set this with > echo 1 > /proc/sys/net/ipv4/ip_always_defrag > ? > i tried this once - it didn't work. however - theoretically it is not needed in general. it's only needed for masquerading and transparent proxying - which is automatically detected by the kernel (look at the /proc/...defrag while you have maqu-ed connections). the ipchains how-to says that it should be always on, because there once way a bug in the ip-stack, which allowed some DoS-attack, AFAIK. -- Hi! I'm a .signature virus! Copy me into your ~/.signature, please! -- Linux - the last service pack you'll ever need.
