From: Kari M. <kar...@tr...> - 2006-08-16 21:50:14
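Hello! Please find a documented sample /etc/sysctl.conf file below. It actually changes some values to more safe direction. As DL init already processes sysctl.conf if it exists, one can enable it by just renaming it. If you find it useful, please include it in DL.

#------
# /etc/sysctl.conf
#
# One "key = value" per line; comments go on their own lines.

# A note on interfaces:
# ..conf.all..     is a global value that the kernel combines with each
#                  interface's own value. How the two combine (either one
#                  set, both set, or the higher value) depends on the
#                  setting and the kernel version, so "all" alone does not
#                  always override an interface; see the kernel's
#                  ip-sysctl documentation.
# ..conf.default.. is copied to interfaces created after it is set
# ..conf.xxx..     denotes that specified interface
# After loading, check the effective per-interface values with sysctl -a.

# Enable (1) only on a firewall/router; disable (0) otherwise.
# Kept first: the kernel documentation notes that changing ip_forward
# resets other settings to their host/router defaults, so everything
# below is applied after it.
net.ipv4.ip_forward = 1

# If this is a proxyarp firewall, you have to enable (1) proxyarp
# on selected interfaces. Otherwise, leave it all disabled (0).
net.ipv4.conf.all.proxy_arp = 0
#net.ipv4.conf.eth0.proxy_arp = 1
#net.ipv4.conf.eth2.proxy_arp = 1

# Reply to normal pings (0) or ignore them (1).
net.ipv4.icmp_echo_ignore_all = 0

# Reply to broadcast and multicast pings (0) or ignore them (1).
# Ignoring them keeps this host from being used as a ping amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable (1) normally; disable (0) on some special, complex firewalls
# (e.g. asymmetric routing, where replies leave by another interface).
# NOTE: whether "all = 1" alone turns the filter on for every interface
# depends on the kernel version, so default is set as well. Change both
# if you need it off.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# There is really no need for source routes due to security.
net.ipv4.conf.all.accept_source_route = 0

# There is really no need to accept redirects due to security.
# With ip_forward = 1, "all = 0" is enough; with forwarding off an
# interface still accepts redirects if its own value is 1.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# secure_redirects limits accepted redirects to gateways on the default
# gateway list; there is no need for those either. It is on if either
# conf.all or the interface's own value is 1, so default is set as well.
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Enable (1) only on some rare router/firewall setups.
# Redirects are sent if either conf.all or the interface's own value is 1,
# and the interface value defaults to 1, so "all = 0" alone does not turn
# them off. Set default as well, and list interfaces that already exist
# when this file is loaded.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
#net.ipv4.conf.eth0.send_redirects = 0
#net.ipv4.conf.eth1.send_redirects = 0

# Enable (1) or disable (0) logging packets which are received with
# illegal source address; internal IP coming in from outside etc.
# Spoofed traffic can fill the log quickly; keep an eye on log volume.
net.ipv4.conf.all.log_martians = 1
#net.ipv4.conf.default.log_martians = 1
#net.ipv4.conf.eth0.log_martians = 1
#net.ipv4.conf.eth1.log_martians = 1

# Enable (1) or disable (0) TCP SYN cookie protection.
# Cookies are only used once the SYN backlog overflows (SYN flood).
net.ipv4.tcp_syncookies = 1

# Seconds an orphaned connection is kept in FIN-WAIT-2 before it is dropped.
net.ipv4.tcp_fin_timeout = 20

# Seconds between TCP keepalive probes once probing has started.
# Only affects sockets that ask for keepalive; the idle time before the
# first probe is net.ipv4.tcp_keepalive_time, which this file leaves alone.
net.ipv4.tcp_keepalive_intvl = 60
#------

//Kari Mattsson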