summaryrefslogtreecommitdiff
path: root/sysconf/vyatta-sysctl.conf
diff options
context:
space:
mode:
authorMohit Mehta <mohit.mehta@vyatta.com>2009-02-19 19:05:44 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2009-02-19 19:05:44 -0800
commit7c815f10af345ea6ddf8eab8c8d0ff84c8550769 (patch)
treea62e32e67a65f330d218efef6fc15390ab7d50bd /sysconf/vyatta-sysctl.conf
parent25c9c0a812b29bf6b6eb58ce166f6f30311892b9 (diff)
downloadvyatta-cfg-system-7c815f10af345ea6ddf8eab8c8d0ff84c8550769.tar.gz
vyatta-cfg-system-7c815f10af345ea6ddf8eab8c8d0ff84c8550769.zip
Fix Bug 3951 default values for kernel tunable security parameters under firewall
Diffstat (limited to 'sysconf/vyatta-sysctl.conf')
-rw-r--r--sysconf/vyatta-sysctl.conf24
1 files changed, 24 insertions, 0 deletions
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 736a7965..f1265e3b 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -30,3 +30,27 @@ net.ipv4.icmp_errors_use_inbound_ifaddr=1
# Enable packet forwarding for IPv6
net.ipv6.conf.all.forwarding=1
+
+# Log packets with impossible addresses to kernel log
+net.ipv4.conf.all.log_martians=1
+
+# Do not ignore all ICMP ECHO requests by default
+net.ipv4.icmp_echo_ignore_all=0
+
+# Disable source validation by default
+net.ipv4.conf.all.rp_filter=0
+
+# Enable tcp syn-cookies by default
+net.ipv4.tcp_syncookies=1
+
+# Disable accept_redirects for all
+net.ipv4.conf.all.accept_redirects=0
+
+# Disable accept_redirects by default for any interface
+net.ipv4.conf.default.accept_redirects=0
+
+# Disable accept_source_route by default
+net.ipv4.conf.all.accept_source_route=0
+
+# Enable send_redirects by default
+net.ipv4.conf.all.send_redirects=1