Changeset 1003 for lvs/debian/config/etc
- Timestamp:
- Mar 5, 2009, 8:55:30 PM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
lvs/debian/config/etc/sysctl.conf
r568 r1003 1 1 # 2 2 # /etc/sysctl.conf - Configuration file for setting system variables 3 # See /etc/sysctl.d/ for additonal system variables 3 4 # See sysctl.conf (5) for information. 4 5 # 5 6 6 7 #kernel.domainname = example.com 7 #net/ipv4/icmp_echo_ignore_broadcasts=18 8 9 9 # Uncomment the following to stop low-level messages on console … … 14 14 # 15 15 16 # Uncomment the next line to enable Spoof protection (reverse-path filter) 16 # Uncomment the next two lines to enable Spoof protection (reverse-path filter) 17 # Turn on Source Address Verification in all interfaces to 18 # prevent some spoofing attacks 17 19 #net.ipv4.conf.default.rp_filter=1 20 #net.ipv4.conf.all.rp_filter=1 18 21 19 22 # Uncomment the next line to enable TCP/IP SYN cookies 23 # This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167), 24 # and is not recommended. 20 25 #net.ipv4.tcp_syncookies=1 21 26 22 27 # Uncomment the next line to enable packet forwarding for IPv4 23 net.ipv4. conf.default.forwarding=128 net.ipv4.ip_forward=1 24 29 25 30 # Uncomment the next line to enable packet forwarding for IPv6 26 #net.ipv6.conf.default.forwarding=1 31 #net.ipv6.conf.all.forwarding=1 32 33 34 ################################################################### 35 # Additional settings - these settings can improve the network 36 # security of the host and prevent against some network attacks 37 # including spoofing attacks and man in the middle attacks through 38 # redirection. Some network environments, however, require that these 39 # settings are disabled so review and enable them as needed. 40 # 41 # Ignore ICMP broadcasts 42 #net.ipv4.icmp_echo_ignore_broadcasts = 1 43 # 44 # Ignore bogus ICMP errors 45 #net.ipv4.icmp_ignore_bogus_error_responses = 1 46 # 47 # Do not accept ICMP redirects (prevent MITM attacks) 48 #net.ipv4.conf.all.accept_redirects = 0 49 #net.ipv6.conf.all.accept_redirects = 0 50 # _or_ 51 # Accept ICMP redirects only for gateways listed in our default 52 # gateway list (enabled by default) 53 # net.ipv4.conf.all.secure_redirects = 1 54 # 55 # Do not send ICMP redirects (we are not a router) 56 #net.ipv4.conf.all.send_redirects = 0 57 # 58 # Do not accept IP source route packets (we are not a router) 59 #net.ipv4.conf.all.accept_source_route = 0 60 #net.ipv6.conf.all.accept_source_route = 0 61 # 62 # Log Martian Packets 63 #net.ipv4.conf.all.log_martians = 1 64 # 65 # The contents of /proc/<pid>/maps and smaps files are only visible to 66 # readers that are allowed to ptrace() the process 67 # kernel.maps_protect = 1
Note: See TracChangeset
for help on using the changeset viewer.