API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 25th, 2020
116
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.29 KB | None | 0 0
raw download clone embed print report
  1. sudo nano /etc/sysctl.conf
  2. Add or modify the following.
  3.  
  4. # IP Spoofing protection
  5. ​net.ipv4.conf.all.rp_filter = 1
  6. ​net.ipv4.conf.default.rp_filter = 1
  8. ​# Ignore ICMP broadcast requests
  9. ​net.ipv4.icmp_echo_ignore_broadcasts = 1
  11. ​# Disable source packet routing
  12. ​net.ipv4.conf.all.accept_source_route = 0
  13. ​net.ipv6.conf.all.accept_source_route = 0
  14. ​net.ipv4.conf.default.accept_source_route = 0
  15. ​net.ipv6.conf.default.accept_source_route = 0
  17. ​# Ignore send redirects
  18. ​net.ipv4.conf.all.send_redirects = 0
  19. ​net.ipv4.conf.default.send_redirects = 0
  21. ​# Block SYN attacks
  22. ​net.ipv4.tcp_syncookies = 1
  23. ​net.ipv4.tcp_max_syn_backlog = 2048
  24. ​net.ipv4.tcp_synack_retries = 2
  25. ​net.ipv4.tcp_syn_retries = 5
  27. ​# Log Martians
  28. ​net.ipv4.conf.all.log_martians = 1
  29. ​net.ipv4.icmp_ignore_bogus_error_responses = 1
  31. ​# Ignore ICMP redirects
  32. ​net.ipv4.conf.all.accept_redirects = 0
  33. ​net.ipv6.conf.all.accept_redirects = 0
  34. ​net.ipv4.conf.default.accept_redirects = 0
  35. ​net.ipv6.conf.default.accept_redirects = 0
  37. ​# Ignore Directed pings
  38. ​net.ipv4.icmp_echo_ignore_all = 1
  39.  
  40. # Accept Redirects? No, this is not router
  41. net.ipv4.conf.all.secure_redirects = 0
  42.  
  43. # Log packets with impossible addresses to kernel log? yes
  44. net.ipv4.conf.default.secure_redirects = 0
  45.  
  46. #Enable ExecShield protection
  47. kernel.exec-shield = 1
  48. kernel.randomize_va_space = 1
  49.  
  50. ########## IPv6 networking start ##############
  51. # Number of Router Solicitations to send until assuming no routers are present.
  52. # This is host and not router
  53. net.ipv6.conf.default.router_solicitations = 0
  54.  
  55. # Accept Router Preference in RA?
  56. net.ipv6.conf.default.accept_ra_rtr_pref = 0
  57.  
  58. # Learn Prefix Information in Router Advertisement
  59. net.ipv6.conf.default.accept_ra_pinfo = 0
  60.  
  61. # Setting controls whether the system will accept Hop Limit settings from a router advertisement
  62. net.ipv6.conf.default.accept_ra_defrtr = 0
  63.  
  64. #router advertisements can cause the system to assign a global unicast address to an interface
  65. net.ipv6.conf.default.autoconf = 0
  66.  
  67. #how many neighbor solicitations to send out per address?
  68. net.ipv6.conf.default.dad_transmits = 0
  69.  
  70. # How many global unicast IPv6 addresses can be assigned to each interface?
  71. net.ipv6.conf.default.max_addresses = 1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!