net.ipv4.ip_forward = 0 Persistence in RHEL
Following along with Sander van Vugt’s RHCSA preparation videos (finally booked the exam for next week!), I was having trouble replicating the results he was getting in modifying net.ipv4.ip_forward with sysctl, to demonstrate kernel tuning.
In his series, he simply adds net.ipv4.ip_forward = 1 to the /etc/sysctl.conf file. But since this value is set to 1 by default, I wanted to modify it to 0 and back again so the process was clear in my mind.
However, whether modifying the sysctl.conf file directly or adding a drop-in file to /etc/sysctl.d, the value never stayed persistent after a reboot (RHEL 8.4). Other sysctl values I tried remained persistent without issue, and I could modify ip_forward at runtime, but at boot something was overwriting the ip_forward value specifically.
After a bit of digging online, it turns out the culprit is libvirtd, a virtualisation management service. Although systemctl shows it as inactive, it is enabled at startup.
Disabling libvirtd with systemctl disable libvirtd allowed the changes made via sysctl to remain persistent across reboots.
The libvirtd documentation below confirms that the service attempts to enable ip_forward.
https://wiki.libvirt.org/page/Networking
If you’re not interested in running your box as a hypervisor, there doesn’t appear to be any adverse effect in disabling this service, and it has the added bonus of cleaning up your interface list by removing the two unnecessary virbr bridge interfaces.
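
A drift check for the situation described above, as an added example that is not part of the original post: it compares the net.ipv4.ip_forward value persisted in sysctl files with the live kernel value and, when they differ, prints whether libvirtd is enabled. The function names, the --live switch, the script name and the rule that later files win are assumptions of this example (real sysctl.d precedence is more involved).

```shell
#!/bin/sh
# Added example: compare the persisted net.ipv4.ip_forward with the live value.

# configured_value KEY FILE...
# Prints the last value assigned to KEY across the readable FILEs.
# Assumption: later arguments win (simplified sysctl.d precedence).
configured_value() {
    key=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && { cat "$f"; echo; }
    done | awk -v key="$key" '
        /^[[:space:]]*[#;]/ { next }          # comment lines
        {
            n = index($0, "=")
            if (n == 0) next                  # not an assignment
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
            sub(/^-/, "", k)                  # "-key" = ignore-errors prefix
            if (k == key) found = v
        }
        END { if (found != "") print found }'
}

# check_drift RUNTIME_FILE FILE...
# Returns 0 if the live value matches the config, 1 if it drifted,
# 2 if none of the FILEs sets net.ipv4.ip_forward.
check_drift() {
    runtime_file=$1; shift
    want=$(configured_value net.ipv4.ip_forward "$@")
    [ -n "$want" ] || return 2
    have=$(tr -d '[:space:]' < "$runtime_file")
    [ "$want" = "$have" ]
}

# Live use on a systemd host (hypothetical script name): sh ipfwd-check.sh --live
if [ "${1:-}" = "--live" ]; then
    rc=0
    check_drift /proc/sys/net/ipv4/ip_forward \
        /etc/sysctl.d/*.conf /etc/sysctl.conf || rc=$?
    case $rc in
        0) echo "ip_forward matches the persisted configuration" ;;
        1) echo "ip_forward drifted from config; libvirtd unit state:" \
                "$(systemctl is-enabled libvirtd 2>&1)" ;;
        2) echo "ip_forward is not set in the files checked" ;;
    esac
fi
```

Run it with --live after a reboot; a reported drift together with an enabled libvirtd matches the behaviour described in this post.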