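# /etc/sysctl.d/90-firewall.conf
#
# Kernel network hardening for a host that does not route traffic.
# Loaded from /etc/sysctl.d at boot; apply by hand with `sysctl --system` and
# confirm a value with e.g. `sysctl net.ipv4.conf.all.rp_filter`.
# Comments must sit on their own lines; do not append them to a value line.
#
# conf.default only seeds interfaces created after it is set. Interfaces that
# already exist keep their own conf.<interface> values, so check those too.

# Source address verification (reverse-path filter), 1 = strict mode:
# a packet is dropped unless the route back to its source leaves through the
# interface it arrived on, which blocks some spoofing attacks.
# The kernel uses the higher of conf.all and conf.<interface>, so this one
# line covers every interface. Strict mode can drop legitimate traffic on
# hosts with asymmetric routing or several uplinks.
net.ipv4.conf.all.rp_filter = 1

# TCP SYN cookies: keep answering new connections when the SYN queue
# overflows (SYN flood) instead of dropping them.
net.ipv4.tcp_syncookies = 1
# Maximum number of remembered half-open (SYN_RECV) connection requests.
net.ipv4.tcp_max_syn_backlog = 2048
# SYN-ACK retransmits for an inbound connection before giving up; a low
# value frees half-open slots sooner.
net.ipv4.tcp_synack_retries = 2
# SYN retransmits for outbound connection attempts. This tunes client-side
# connect behaviour; it is not a SYN-flood control.
net.ipv4.tcp_syn_retries = 5

# Do not accept ICMP redirects (prevent MITM attacks).
# With forwarding off, IPv4 accepts redirects on an interface if either
# conf.all or conf.<interface> allows them, so a per-interface value of 1
# still wins over the 0 set here.
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0

# Do not send ICMP redirects (we are not a router).
# Sending stays enabled on an interface if either conf.all or
# conf.<interface> is 1.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Do not accept IP source route packets (we are not a router).
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0

# Log martian packets (impossible source addresses) to the kernel log.
# Useful for spotting spoofing or routing mistakes; can be noisy on busy
# networks, so make sure log rate limiting or rotation is in place.
net.ipv4.conf.all.log_martians = 1

# Do not log bogus ICMP error responses to broadcast frames; this keeps
# non-compliant routers from filling the log.
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ignore ICMP echo requests sent to broadcast/multicast addresses
# (smurf-style amplification).
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Left disabled on purpose: this would ignore ALL ICMP echo requests, not
# only directed ones, and breaks ping-based monitoring and troubleshooting.
#net.ipv4.icmp_echo_ignore_all = 1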