Sha256: 0ddcb3772bce55100667fd82210dc89a82a26f3838ef40468f4489a7b2f7b2fa
Contents?: true
Size: 1.61 KB
Versions: 11
Compression:
Stored size: 1.61 KB
Contents
# https://wiki.archlinux.org/title/Sysctl#TCP/IP_stack_hardening # https://github.com/trimstray/the-practical-linux-hardening-guide/wiki/Network-stack # TCP SYN cookie protection net.ipv4.tcp_syncookies = 1 # TCP rfc1337 net.ipv4.tcp_rfc1337 = 1 # Reverse path filtering net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 # Log martian packets net.ipv4.conf.default.log_martians = 1 net.ipv4.conf.all.log_martians = 1 # Disable ICMP redirects net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 # Disable IP source routing net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_source_route = 0 # Ignore ICMP echo requests net.ipv4.icmp_echo_ignore_all = 1 net.ipv6.icmp.echo_ignore_all = 1 # Ignoring broadcasts request net.ipv4.icmp_echo_ignore_broadcasts = 1 # An illicit router advertisement message could result in a man-in-the-middle attack. net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.all.accept_ra = 0 # Ignore bogus ICMP error responses net.ipv4.icmp_ignore_bogus_error_responses = 1 # ICMP redirects net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.accept_redirects = 0 # Accepting secure redirects net.ipv4.conf.default.secure_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 # IP forwarding net.ipv4.ip_forward = 0 # Sending ICMP redirects net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.send_redirects = 0 # Keep sockets in FIN-WAIT-2 state net.ipv4.tcp_fin_timeout = 30 # Keepalive packets to keep an connection alive net.ipv4.tcp_keepalive_time = 180 net.ipv4.tcp_keepalive_intvl = 10 net.ipv4.tcp_keepalive_probes = 3
Version data entries
11 entries across 11 versions & 1 rubygems