Changeset 1003


Timestamp:
Mar 5, 2009, 8:55:30 PM (13 years ago)
Author:
quentin
Message:
Upgrade to lenny's sysctl.conf
File:
1 edited

  • lvs/debian/config/etc/sysctl.conf

    r568 r1003  
    11#
    22# /etc/sysctl.conf - Configuration file for setting system variables
     3# See /etc/sysctl.d/ for additonal system variables
    34# See sysctl.conf (5) for information.
    45#
    56
    67#kernel.domainname = example.com
    7 #net/ipv4/icmp_echo_ignore_broadcasts=1
    88
    99# Uncomment the following to stop low-level messages on console
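Review bot: The header comment added at new line 3 points readers to /etc/sysctl.d/, but this changeset edits only lvs/debian/config/etc/sysctl.conf ("1 edited"), so nothing here shows whether that directory is managed for these hosts. Either track its contents next to this file or state in a local comment that it is expected to be empty, so that a file placed there cannot change effective values without appearing in this reviewed config. The line removed at old line 7, `#net/ipv4/icmp_echo_ignore_broadcasts=1`, was commented out and comes back, still commented, at new line 42, so its removal here changes nothing at runtime.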
     
    1414#
    1515
    16 # Uncomment the next line to enable Spoof protection (reverse-path filter)
     16# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
     17# Turn on Source Address Verification in all interfaces to
     18# prevent some spoofing attacks
    1719#net.ipv4.conf.default.rp_filter=1
     20#net.ipv4.conf.all.rp_filter=1
    1821
    1922# Uncomment the next line to enable TCP/IP SYN cookies
     23# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167),
     24# and is not recommended.
    2025#net.ipv4.tcp_syncookies=1
    2126
    2227# Uncomment the next line to enable packet forwarding for IPv4
    23 net.ipv4.conf.default.forwarding=1
     28net.ipv4.ip_forward=1
    2429
    2530# Uncomment the next line to enable packet forwarding for IPv6
    26 #net.ipv6.conf.default.forwarding=1
     31#net.ipv6.conf.all.forwarding=1
     32
     33
     34###################################################################
     35# Additional settings - these settings can improve the network
     36# security of the host and prevent against some network attacks
     37# including spoofing attacks and man in the middle attacks through
     38# redirection. Some network environments, however, require that these
     39# settings are disabled so review and enable them as needed.
     40#
     41# Ignore ICMP broadcasts
     42#net.ipv4.icmp_echo_ignore_broadcasts = 1
     43#
     44# Ignore bogus ICMP errors
     45#net.ipv4.icmp_ignore_bogus_error_responses = 1
     46#
     47# Do not accept ICMP redirects (prevent MITM attacks)
     48#net.ipv4.conf.all.accept_redirects = 0
     49#net.ipv6.conf.all.accept_redirects = 0
     50# _or_
     51# Accept ICMP redirects only for gateways listed in our default
     52# gateway list (enabled by default)
     53# net.ipv4.conf.all.secure_redirects = 1
     54#
     55# Do not send ICMP redirects (we are not a router)
     56#net.ipv4.conf.all.send_redirects = 0
     57#
     58# Do not accept IP source route packets (we are not a router)
     59#net.ipv4.conf.all.accept_source_route = 0
     60#net.ipv6.conf.all.accept_source_route = 0
     61#
     62# Log Martian Packets
     63#net.ipv4.conf.all.log_martians = 1
     64#
     65# The contents of /proc/<pid>/maps and smaps files are only visible to
     66# readers that are allowed to ptrace() the process
     67# kernel.maps_protect = 1
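Review bot: The forwarding change at old line 23 / new line 28 is a behaviour change, not just a sync with upstream, and the commit message does not mention it: `net.ipv4.conf.default.forwarding=1` only sets the default that interfaces inherit, while `net.ipv4.ip_forward=1` enables IPv4 forwarding globally on all interfaces. Please confirm that is intended for the hosts this lvs/ config is deployed to, and replace the stock "Uncomment the next line" comment above it with a local one, since the line is already active. With forwarding on, the "we are not a router" rationale at new lines 55 and 58 does not describe this machine, yet `rp_filter`, `accept_redirects`, `send_redirects` and `accept_source_route` are all left commented out; each should get an explicit decision recorded in the file rather than being left at the kernel default.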