Hi, Frank Neumann wrote:
> could anyone give a pointer to a comprehensive list which values to put
> in the files under /proc/sys/net/ipv4/* on a Linux box from a security
> view?

this is what I use:

-------
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > $f
done
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $f
done
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 1 > $f
done
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > $f
done
-------

It's up to you now to research the single params... feel free to ask off-list if necessary.

HTH,

Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax +49 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP 585F B0B9 F429 35EF 73A4 BC33 8F4B A629 C181 2EF1

_______________________________________________
Firewalls mailing list
http://lists.gnac.net/mailman/listinfo/firewalls
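
An added example, not part of the post above: a read-only audit that compares a box against the values listed in the message, so drift (a new interface, a reboot without the init script) shows up. The function names audit_ipv4 and check_one and the optional ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Read-only audit of the settings listed in the post above.
# Usage: audit_ipv4            (checks the live /proc/sys/net/ipv4)
#        audit_ipv4 ROOT       (checks a copy of that tree under ROOT)
# Prints one line per file and returns the number of mismatches (0 = clean).

check_one() {  # check_one FILE WANTED
    if [ ! -r "$1" ]; then
        # A knob may not exist on a given kernel; report it, do not fail.
        echo "SKIP  $1 (not present)"
        return 0
    fi
    got=$(cat "$1")
    if [ "$got" = "$2" ]; then
        echo "OK    $1 = $got"
        return 0
    fi
    echo "FAIL  $1 = $got (want $2)"
    return 1
}

audit_ipv4() {
    root=${1:-/proc/sys/net/ipv4}
    fails=0
    # Global switches, written as name=wanted.
    for spec in tcp_syncookies=1 icmp_echo_ignore_broadcasts=1 \
                ip_always_defrag=1; do
        check_one "$root/${spec%=*}" "${spec#*=}" || fails=$((fails + 1))
    done
    # Per-interface switches: every directory under conf/ is checked,
    # including "all" and "default".
    for spec in accept_source_route=0 rp_filter=1 log_martians=1 \
                accept_redirects=0; do
        for f in "$root"/conf/*/"${spec%=*}"; do
            check_one "$f" "${spec#*=}" || fails=$((fails + 1))
        done
    done
    return "$fails"
}
```

Nothing is written to /proc; the return code can be used directly in a cron job or monitoring check.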