From: Heiko Z. <he...@zu...> - 2006-09-08 14:16:22
I added a little less restrictive version as default to DL.
Thanks for the submission.

Heiko

On Wed, August 16, 2006 16:49, Kari Mattsson wrote:
> Hello!
>
> Please find a documented sample /etc/sysctl.conf file below.
> It actually changes some values in a safer direction.
>
> As DL init already processes sysctl.conf if it exists, one can enable it
> by just renaming it.
>
> If you find it useful, please include it in DL.
>
> #------
>
> # /etc/sysctl.conf
>
> # A note on interfaces:
> # ..conf.all.. denotes all current and future interfaces
> # ..conf.default.. denotes all future interfaces
> # ..conf.xxx.. denotes that specified interface
>
> # If this is a proxyarp firewall, you have to enable (1) proxyarp
> # on selected interfaces. Otherwise, leave it all disabled (0).
> net.ipv4.conf.all.proxy_arp = 0
> #net.ipv4.conf.eth0.proxy_arp = 1
> #net.ipv4.conf.eth2.proxy_arp = 1
>
> # Enable (0) or disable (1) replying to normal pings.
> net.ipv4.icmp_echo_ignore_all = 0
>
> # Enable (0) or disable (1) replying to broadcast and multicast pings.
> net.ipv4.icmp_echo_ignore_broadcasts = 1
>
> # Enable (1) normally; disable (0) on some special, complex firewalls.
> net.ipv4.conf.all.rp_filter = 1
>
> # There is really no need for source routes due to security.
> net.ipv4.conf.all.accept_source_route = 0
>
> # There is really no need to accept redirects due to security.
> net.ipv4.conf.all.accept_redirects = 0
>
> # There is really no need to accept redirects due to security.
> net.ipv4.conf.all.secure_redirects = 0
>
> # Enable (1) only on some rare router/firewall setups.
> net.ipv4.conf.all.send_redirects = 0
>
> # Enable (1) only on a firewall/router; disable (0) otherwise.
> net.ipv4.ip_forward = 1
>
> # Enable (1) or disable (0) logging packets which are received with
> # illegal source address; internal IP coming in from outside etc.
> net.ipv4.conf.all.log_martians = 1
> #net.ipv4.conf.default.log_martians = 1
> #net.ipv4.conf.eth0.log_martians = 1
> #net.ipv4.conf.eth1.log_martians = 1
>
> # Enable (1) or disable (0) TCP SYN cookie protection.
> net.ipv4.tcp_syncookies = 1
>
> # TCP FIN handshaking phase timeout in seconds.
> net.ipv4.tcp_fin_timeout = 20
>
> # Keep TCP connections open, they might auto close otherwise.
> net.ipv4.tcp_keepalive_intvl = 60
>
> #------
>
> //Kari Mattsson

--
Regards
Heiko Zuerker
http://www.devil-linux.org
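
Added example, not part of either message and not Devil-Linux code: a read-only shell check that compares the settings in a sysctl.conf like the one quoted above with the values the running kernel reports, including the per-interface entries that the file's note on interfaces describes. The function name audit_sysctl, its output labels and the optional ROOT argument are made up for this example, and the handling of a '#' after a value assumes procps sysctl.

```shell
#!/bin/sh
# audit_sysctl CONF [ROOT]: compare each "key = value" in CONF with the live
# value under ROOT (default /proc/sys). Prints one line per finding and
# returns 1 if there was any. Read-only; nothing is written to the kernel.
# Usage: audit_sysctl /etc/sysctl.conf
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        # Skip blank lines, whole-line comments (# or ;) and lines without '='.
        case $line in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # Assumption: procps sysctl, where a '#' after the value is read as
        # part of the value, so such a line is flagged instead of compared.
        case $want in *'#'*)
            echo "BADLINE $key: text after value"; rc=1; continue ;;
        esac
        # Dots map to directories (interface names containing dots are not handled).
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ $//')
        [ "$have" = "$want" ] || { echo "DIFF $key want=$want have=$have"; rc=1; }
        # Each interface keeps its own entry next to conf/all; report those
        # that hold a different value from the one the file asks for.
        case $key in net.ipv4.conf.all.*)
            name=${key##*.}
            for f in "$root"/net/ipv4/conf/*/"$name"; do
                [ -r "$f" ] || continue
                ifc=${f%/*}; ifc=${ifc##*/}
                [ "$ifc" != all ] || continue
                v=$(cat "$f")
                [ "$v" = "$want" ] || { echo "IFACE $ifc.$name want=$want have=$v"; rc=1; }
            done ;;
        esac
    done < "$conf"
    return $rc
}
```

A DIFF or IFACE line means the running value is not the one the file asks for; BADLINE and MISSING point at entries that need fixing in the file itself or that this kernel does not offer.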