sysctl

The sysctl tool is used to manage kernel parameters at runtime (without rebooting).

It works with parameters located under /proc/sys, and changes made via sysctl are immediate but not persistent unless written to a config file.

Basic Usage

  • View all kernel runtime parameters as they're currently set:

    sysctl -a
    

  • Filter for a specific kernel setting, e.g., ipv4:

    sysctl -a | grep -i 'ipv4'  
    

  • Filter for settings that start with net.ipv4:

    sysctl net.ipv4
    
    Note that this is not the same as the grep filter above: it only shows settings whose names start with the given argument.

  • Filter for a specific setting by name:

    sysctl net.ipv4.ip_forward
    
    This reads the current value of that setting from /proc/sys/.
    The setting name maps to the path /proc/sys/net/ipv4/ip_forward.

  • Set a runtime kernel parameter (non-persistent):

    sysctl net.ipv4.ip_forward=0
    
    This change will not persist across reboots.
    To persist it, you'll need to add the setting to a config file.

  • Reload kernel runtime parameters from the config files without rebooting:

    sysctl --system
    


  • Filter kernel parameters by using a regular expression (ERE):

    sysctl -a -r '^net\.ipv[46]\>'
    
    This will show all kernel parameters that match the pattern:
    • Names that start with the word net, followed by a ., then either ipv4 or ipv6, ending at a word boundary (\>).

Config Files

To make kernel runtime parameters persist across reboots, you need to add them to a config file in /etc/sysctl.d/.

Custom settings should go in /etc/sysctl.d/, but there are other locations where settings are stored:

  • /usr/lib/sysctl.d/: Vendor settings go in here.
  • /etc/sysctl.d/: This is where you should put your settings.
  • /run/sysctl.d/

sysctl Priority Order

When kernel parameters are loaded, either on boot or with sysctl --system, sysctl looks for files in this order:

  • /etc/sysctl.d/*.conf
  • /run/sysctl.d/*.conf
  • /usr/local/lib/sysctl.d/*.conf
  • /usr/lib/sysctl.d/*.conf
  • /lib/sysctl.d/*.conf
  • /etc/sysctl.conf

Once a file has been loaded, any other files with the same name in later directories will be ignored. Since files in /etc/sysctl.d are loaded first, this is where we put our settings.
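
The same-name rule means a file in /etc/sysctl.d/ replaces a vendor file of the same name as a whole, including any hardening settings the vendor file carries. The shell function below is an added example (not part of the original page or of the sysctl tool) that reports which files are used and which are shadowed, following the directory order listed in this section; the function name and its ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Directory order as listed in this section; earlier directories win.
SYSCTL_DIRS="/etc/sysctl.d /run/sysctl.d /usr/local/lib/sysctl.d /usr/lib/sysctl.d /lib/sysctl.d"

# sysctl_shadow_report [ROOT]
# ROOT is a hypothetical prefix for auditing a mounted image or a test tree;
# leave it empty to inspect the running system.
# Prints "USED <path>" or "SHADOWED <path> (by <path>)" for every *.conf file.
sysctl_shadow_report() {
    root="${1:-}"
    earlier=""                       # directories already searched
    for dir in $SYSCTL_DIRS; do
        for f in "$root$dir"/*.conf; do
            [ -f "$f" ] || continue  # unmatched glob or not a regular file
            name=${f##*/}
            winner=""
            for prev in $earlier; do
                if [ -f "$root$prev/$name" ]; then
                    winner="$root$prev/$name"
                    break
                fi
            done
            if [ -n "$winner" ]; then
                printf 'SHADOWED  %s (by %s)\n' "$f" "$winner"
            else
                printf 'USED      %s\n' "$f"
            fi
        done
        earlier="$earlier $dir"
    done
    # /etc/sysctl.conf is last in the list and has no same-name competitor.
    if [ -f "$root/etc/sysctl.conf" ]; then
        printf 'USED      %s\n' "$root/etc/sysctl.conf"
    fi
    # Where /lib is a symlink to /usr/lib, files under /lib/sysctl.d are
    # reported as shadowed by their own /usr/lib/sysctl.d path.
}

# Constructed demo tree (not real system files): the /etc file shadows the
# vendor file of the same name, so the vendor value is never applied.
demo=$(mktemp -d)
mkdir -p "$demo/etc/sysctl.d" "$demo/usr/lib/sysctl.d"
echo 'net.ipv4.ip_forward = 1' > "$demo/etc/sysctl.d/50-net.conf"
echo 'net.ipv4.ip_forward = 0' > "$demo/usr/lib/sysctl.d/50-net.conf"
sysctl_shadow_report "$demo"
rm -rf "$demo"
```

Run `sysctl_shadow_report` with no argument to check the live system; any SHADOWED line is a file whose settings are not being loaded.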

Resources

  • man 8 sysctl
  • man 5 sysctl.conf