path: root/sysconf/vyatta-sysctl.conf

#
# Vyatta router specific sysctl settings.
# See sysctl.conf (5) for information.
#

# Panic on OOPS
kernel.panic_on_oops=1

# Timeout before rebooting on panic
kernel.panic=60

# Only answer ARP requests on same subnet
net.ipv4.conf.default.arp_filter=1
net.ipv4.conf.default.arp_ignore=1

# avoid local addresses that are not in the target's subnet for this interface
net.ipv4.conf.default.arp_announce=1

# Enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# if a primary address is removed from an interface promote the
# secondary address if available
net.ipv4.conf.all.promote_secondaries=1

# Ignore ICMP broadcasts sent to broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts=1

# Ignore bogus ICMP errors
net.ipv4.icmp_ignore_bogus_error_responses=1

# Send ICMP responses with primary address of exiting interface
net.ipv4.icmp_errors_use_inbound_ifaddr=1

# Log packets with impossible addresses to kernel log
net.ipv4.conf.all.log_martians=1

# Do not ignore all ICMP ECHO requests by default
net.ipv4.icmp_echo_ignore_all=0

# Disable source validation by default
net.ipv4.conf.all.rp_filter=0

# Enable tcp syn-cookies by default
net.ipv4.tcp_syncookies=1

# Disable accept_redirects for all
net.ipv4.conf.all.accept_redirects=0

# Disable accept_redirects by default for any interface
net.ipv4.conf.default.accept_redirects=0

# Disable accept_source_route by default
net.ipv4.conf.all.accept_source_route=0

# Enable send_redirects by default
net.ipv4.conf.all.send_redirects=1

# IPv6 parameters:

# Enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1

# Disable ipv6 accept_source_route by default
net.ipv6.conf.default.accept_source_route=-1

# Disable ipv6 accept_redirects by default
net.ipv6.conf.default.accept_redirects=0

# Keep address when interface goes down
net.ipv6.conf.default.address_flush=0