7

According to https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

conf/all/*    is special, changes the settings for all interfaces
forwarding - BOOLEAN
    Enable IP forwarding on this interface.  This controls whether packets
    received _on_ this interface can be forwarded.
ip_forward - BOOLEAN
    0 - disabled (default)
    not 0 - enabled

    Forward Packets between interfaces.

    This variable is special, its change resets all configuration
    parameters to their default state (RFC1122 for hosts, RFC1812
    for routers)

So, net.ipv4.conf.all.forwarding=0 disables IPv4 packet forwarding on all interfaces, the same as net.ipv4.ip_forward=0 disables IPv4 packet forwarding on all interfaces.

Can anyone, please, explain what's the difference between net.ipv4.conf.all.forwarding and net.ipv4.ip_forward kernel params?

2 Answers

0

Based on the description, ip_forward will not only change the value for packet forwarding between the interfaces, but other configuration too. As mentioned, the other configuration will be set to default, i.e. RFC1122 for hosts and RFC1812 for routers.

Whereas in the case of forwarding, it will set it on that particular interface or all the interfaces based on the usage, without affecting other configuration.

For example: ipv4.conf.all.forwarding=1 will set the ipv4 forwarding on all the interfaces without affecting other configuration, and ipv4.ip_forward=1 will also set the ipv4 forwarding on all the interfaces but changes the configuration too.

Vipul Singh
  • What other configuration does setting `ipv4.ip_forward` change? – roaima Nov 18 '22 at 11:04
  • Looks like `ipv4.ip_forward` only really enables or disables accepting incoming network packets and forwarding them to another network, which you need if you want to use Docker or if your system is acting as a router/... – Melroy van den Berg Feb 15 '23 at 22:17
0

Indeed, both parameters affect IP forwarding at a broad level. However, net.ipv4.conf.all.forwarding is meant to provide more granular control within network namespaces when dealing with complex networking scenarios where you want to enable or disable forwarding for specific namespaces while leaving others unaffected.
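
An added example, not part of the question or either answer: a POSIX shell function that reads `ip_forward` and every `conf/*/forwarding` value, so you can see on a given host how the global setting, `all`, and the per-interface values relate, and flag a machine that forwards when it should not. The function name, its optional ROOT argument and the output format are assumptions made for this example.

```shell
#!/bin/sh
# audit_forwarding [ROOT]
#   ROOT defaults to /proc/sys; passing another directory (hypothetical
#   parameter of this example) audits a copied or constructed sysctl tree.
# Prints one "name=value" line per knob, then two summary lines.
# Returns 0 if every value is 0, 1 if any value is non-zero,
# 2 if ip_forward cannot be read.
audit_forwarding() {
    root="${1:-/proc/sys}"
    v4="$root/net/ipv4"
    if [ ! -r "$v4/ip_forward" ]; then
        echo "cannot read $v4/ip_forward" >&2
        return 2
    fi

    global=$(cat "$v4/ip_forward")
    echo "net.ipv4.ip_forward=$global"
    enabled=no
    if [ "$global" != "0" ]; then enabled=yes; fi

    # Walk all, default and every interface directory under conf/.
    all="missing"
    for f in "$v4"/conf/*/forwarding; do
        [ -r "$f" ] || continue          # also skips an unmatched glob
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        echo "net.ipv4.conf.$iface.forwarding=$val"
        if [ "$iface" = "all" ]; then all="$val"; fi
        if [ "$val" != "0" ]; then enabled=yes; fi
    done

    # Does conf/all/forwarding carry the same value as ip_forward?
    if [ "$all" = "$global" ]; then
        echo "all_matches_ip_forward=yes"
    else
        echo "all_matches_ip_forward=no"
    fi
    echo "forwarding_enabled=$enabled"

    if [ "$enabled" = "yes" ]; then return 1; fi
    return 0
}
```

Source the file and call `audit_forwarding` with no argument to read the live values from /proc/sys; a non-zero exit status on a host that is not meant to route is the signal to investigate.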