diff options
author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-19 19:05:44 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-19 19:05:44 -0800 |
commit | 7c815f10af345ea6ddf8eab8c8d0ff84c8550769 (patch) | |
tree | a62e32e67a65f330d218efef6fc15390ab7d50bd /sysconf/vyatta-sysctl.conf | |
parent | 25c9c0a812b29bf6b6eb58ce166f6f30311892b9 (diff) | |
download | vyatta-cfg-system-7c815f10af345ea6ddf8eab8c8d0ff84c8550769.tar.gz vyatta-cfg-system-7c815f10af345ea6ddf8eab8c8d0ff84c8550769.zip |
Fix Bug 3951 default values for kernel tunable security parameters under firewall
Diffstat (limited to 'sysconf/vyatta-sysctl.conf')
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 736a7965..f1265e3b 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -30,3 +30,27 @@ net.ipv4.icmp_errors_use_inbound_ifaddr=1 # Enable packet forwarding for IPv6 net.ipv6.conf.all.forwarding=1 + +# Log packets with impossible addresses to kernel log +net.ipv4.conf.all.log_martians=1 + +# Do not ignore all ICMP ECHO requests by default +net.ipv4.icmp_echo_ignore_all=0 + +# Disable source validation by default +net.ipv4.conf.all.rp_filter=0 + +# Enable tcp syn-cookies by default +net.ipv4.tcp_syncookies=1 + +# Disable accept_redirects for all +net.ipv4.conf.all.accept_redirects=0 + +# Disable accept_redirects by default for any interface +net.ipv4.conf.default.accept_redirects=0 + +# Disable accept_source_route by default +net.ipv4.conf.all.accept_source_route=0 + +# Enable send_redirects by default +net.ipv4.conf.all.send_redirects=1 |