Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Disables packet forwarding
- net.ipv4.ip_forward=0
- net.ipv4.conf.all.send_redirects=0
- net.ipv4.conf.default.send_redirects=0
- # Disables IP source routing
- net.ipv4.conf.all.accept_source_route=0
- net.ipv4.conf.default.accept_source_route=0
- # Accept Redirects? No, this is not router
- net.ipv4.conf.all.accept_redirects=0
- net.ipv4.conf.default.accept_redirects=0
- # Log packets with impossible addresses to kernel log
- net.ipv4.conf.all.secure_redirects=0
- net.ipv4.conf.default.secure_redirects=0
- # Enable Log Spoofed Packets
- net.ipv4.conf.all.log_martians=1
- net.ipv4.conf.default.log_martians=1
- # Disables IP source routing
- net.ipv4.conf.all.rp_filter=1
- net.ipv4.conf.default.rp_filter=1
- net.ipv4.conf.all.forwarding=0
- # Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
- net.ipv4.icmp_echo_ignore_broadcasts=1
- net.ipv4.icmp_ignore_bogus_error_responses=1
- # Enable TCP SYN Cookie Protection
- net.ipv4.tcp_syncookies=1
- ### IPv6 networking start ####
- net.ipv6.conf.all.accept_ra=0
- net.ipv6.conf.default.accept_ra=0
- net.ipv6.conf.all.accept_redirects=0
- net.ipv6.conf.default.accept_redirects=0
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv6.conf.default.disable_ipv6=1
- net.ipv6.conf.lo.disable_ipv6=1
- # ExecShield
- kernel.randomize_va_space = 2
- # Turn off the tcp_sack
- net.ipv4.tcp_sack = 0
Advertisement
Add Comment
Please, Sign In to add comment
