source: branches/fc11-dev/lvs/debian/config/etc/sysctl.conf @ 1362

Last change on this file since 1362 was 1003, checked in by quentin, 16 years ago
Upgrade to lenny's sysctl.conf
File size: 2.2 KB
Line 
1#
2# /etc/sysctl.conf - Configuration file for setting system variables
3# See /etc/sysctl.d/ for additonal system variables
4# See sysctl.conf (5) for information.
5#
6
7#kernel.domainname = example.com
8
9# Uncomment the following to stop low-level messages on console
10#kernel.printk = 4 4 1 7
11
12##############################################################3
13# Functions previously found in netbase
14#
15
16# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
17# Turn on Source Address Verification in all interfaces to
18# prevent some spoofing attacks
19#net.ipv4.conf.default.rp_filter=1
20#net.ipv4.conf.all.rp_filter=1
21
22# Uncomment the next line to enable TCP/IP SYN cookies
23# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167),
24# and is not recommended.
25#net.ipv4.tcp_syncookies=1
26
27# Uncomment the next line to enable packet forwarding for IPv4
28net.ipv4.ip_forward=1
29
30# Uncomment the next line to enable packet forwarding for IPv6
31#net.ipv6.conf.all.forwarding=1
32
33
34###################################################################
35# Additional settings - these settings can improve the network
36# security of the host and prevent against some network attacks
37# including spoofing attacks and man in the middle attacks through
38# redirection. Some network environments, however, require that these
39# settings are disabled so review and enable them as needed.
40#
41# Ignore ICMP broadcasts
42#net.ipv4.icmp_echo_ignore_broadcasts = 1
43#
44# Ignore bogus ICMP errors
45#net.ipv4.icmp_ignore_bogus_error_responses = 1
46#
47# Do not accept ICMP redirects (prevent MITM attacks)
48#net.ipv4.conf.all.accept_redirects = 0
49#net.ipv6.conf.all.accept_redirects = 0
50# _or_
51# Accept ICMP redirects only for gateways listed in our default
52# gateway list (enabled by default)
53# net.ipv4.conf.all.secure_redirects = 1
54#
55# Do not send ICMP redirects (we are not a router)
56#net.ipv4.conf.all.send_redirects = 0
57#
58# Do not accept IP source route packets (we are not a router)
59#net.ipv4.conf.all.accept_source_route = 0
60#net.ipv6.conf.all.accept_source_route = 0
61#
62# Log Martian Packets
63#net.ipv4.conf.all.log_martians = 1
64#
65# The contents of /proc/<pid>/maps and smaps files are only visible to
66# readers that are allowed to ptrace() the process
67# kernel.maps_protect = 1
Note: See TracBrowser for help on using the repository browser.