From 7c815f10af345ea6ddf8eab8c8d0ff84c8550769 Mon Sep 17 00:00:00 2001
From: Mohit Mehta <mohit.mehta@vyatta.com>
Date: Thu, 19 Feb 2009 19:05:44 -0800
Subject: Fix Bug 3951 default values for kernel tunable security parameters
 under firewall

---
 sysconf/vyatta-sysctl.conf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'sysconf')

diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 736a7965..f1265e3b 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -30,3 +30,27 @@ net.ipv4.icmp_errors_use_inbound_ifaddr=1
 
 # Enable packet forwarding for IPv6
 net.ipv6.conf.all.forwarding=1
+
+# Log packets with impossible addresses to kernel log
+net.ipv4.conf.all.log_martians=1
+
+# Do not ignore all ICMP ECHO requests by default
+net.ipv4.icmp_echo_ignore_all=0
+
+# Disable source validation by default
+net.ipv4.conf.all.rp_filter=0
+
+# Enable tcp syn-cookies by default
+net.ipv4.tcp_syncookies=1
+
+# Disable accept_redirects for all
+net.ipv4.conf.all.accept_redirects=0
+
+# Disable accept_redirects by default for any interface
+net.ipv4.conf.default.accept_redirects=0
+
+# Disable accept_source_route by default
+net.ipv4.conf.all.accept_source_route=0
+
+# Enable send_redirects by default
+net.ipv4.conf.all.send_redirects=1
-- 
cgit v1.2.3