On Mon, Apr 30, 2012 at 8:34 AM, Dan McGee <[email protected]> wrote: > On Sat, Apr 28, 2012 at 8:01 PM, Eric Bélanger <[email protected]> > wrote: >> >> Here's a tentative sysctl.conf : https://dev.archlinux.org/~eric/sysctl.conf >> that I obtained with the help of Jan and Dave on IRC. The unusefull >> stuff from the upstream config have been dropped and the rest has been >> commented out. I've also cleaned the syntax. > > > I'd change this comment to at least drop the silly ascii smiley face: > # makes you vulnerable or not :-) > and try to elaborate more, e.g. > # if not functioning as a router, there is no need to accept > redirects or source routes > > And maybe add the corresponding ipv6 settings too, since this is 2012.
Sure. I also got an email from a user who suggested to remove them (the accept_redirects and source_route) as well as the forwarding as they are are turned off by default. What do you think about that? I think we can keep them. The old procps sysctl.conf has the forward option and the redirect is probably a common option too. Eric > > -Dan
