Hi,
Frank Neumann wrote:
> could anyone give a pointer to a comprehensive list which values to put
> in the files under /proc/sys/net/ipv4/* on a Linux box from a security
> view?
this is what I use:
-------
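# SYN cookies: keep accepting connections while the SYN queue is flooded
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Ignore ICMP echo requests sent to broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Drop source-routed packets on every interface
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f"
done
# Reverse-path filtering: source address must be reachable via the receiving interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done
# Reassemble fragments before further processing
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
# Log packets with impossible source addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 1 > "$f"
done
# Ignore ICMP redirects
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > "$f"
done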
-------
It's up to you now to research the single params... feel free to ask
off-list if necessary.
HTH,
Enno Rey
ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax +49 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP 585F B0B9 F429 35EF 73A4 BC33 8F4B A629 C181 2EF1
_______________________________________________
Firewalls mailing list
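
Added example, not part of the original message: a read-only shell check that compares a system against the values set in the list above and reports deviations instead of writing to /proc. The function names, the optional ROOT argument and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Read-only audit of the values set in the list above. ROOT is a hypothetical
# optional prefix so the check can run on a copy of the tree instead of /proc.

check_value() {            # check_value FILE EXPECTED; returns 1 on deviation
    file=$1; want=$2
    if [ ! -r "$file" ]; then
        echo "SKIP  $file (not present on this kernel)"; return 0
    fi
    got=$(cat "$file")
    [ "$got" = "$want" ] && { echo "OK    $file = $got"; return 0; }
    echo "DIFF  $file = $got (list sets $want)"; return 1
}

audit_ipv4() {             # audit_ipv4 [ROOT]; sets DEVIATIONS, returns 1 if > 0
    base="${1:-}/proc/sys/net/ipv4"; DEVIATIONS=0
    for item in tcp_syncookies=1 icmp_echo_ignore_broadcasts=1 ip_always_defrag=1; do
        check_value "$base/${item%%=*}" "${item##*=}" || DEVIATIONS=$((DEVIATIONS + 1))
    done
    # Per-interface entries, including "all" and "default".
    for item in accept_source_route=0 rp_filter=1 log_martians=1 accept_redirects=0; do
        for f in "$base"/conf/*/"${item%%=*}"; do
            [ -e "$f" ] || continue          # glob matched nothing
            check_value "$f" "${item##*=}" || DEVIATIONS=$((DEVIATIONS + 1))
        done
    done
    echo "$DEVIATIONS deviation(s)"
    [ "$DEVIATIONS" -eq 0 ]
}

# Constructed sample tree (not data from a real host) with two deviations and
# no ip_always_defrag file. Prints the temporary root directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    ipv4="$root/proc/sys/net/ipv4"
    for ifc in all eth0; do
        mkdir -p "$ipv4/conf/$ifc"
        echo 0 > "$ipv4/conf/$ifc/accept_source_route"
        echo 1 > "$ipv4/conf/$ifc/rp_filter"
        echo 1 > "$ipv4/conf/$ifc/log_martians"
        echo 0 > "$ipv4/conf/$ifc/accept_redirects"
    done
    echo 1 > "$ipv4/conf/eth0/accept_redirects"    # deviation: redirects accepted
    echo 0 > "$ipv4/tcp_syncookies"                # deviation: syncookies off
    echo 1 > "$ipv4/icmp_echo_ignore_broadcasts"
    echo "$root"
}
```

Run `audit_ipv4` with no argument to check the live system, or `audit_ipv4 "$(make_sample_tree)"` to see the report format on the constructed tree.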