-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 snowdog ha scritto: > > > da linea di comando con > # echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max lo puoi mettere all'inizio dell script di firewalling il mio ha per esempio queste righe
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter; fi if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ]; then echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses; fi if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route; fi if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then echo 0 > /proc/sys/net/ipv4/tcp_ecn; fi if [ -e /proc/sys/net/ipv4/conf/all/send_redirects ]; then echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects; fi if [ -e /proc/sys/net/ipv4/conf/all/secure_redirects ]; then echo 1 > /proc/sys/net/ipv4/conf/all/secure_redirects; fi if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ]; then echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi if [ -e /proc/sys/net/ipv4/netfilter/ip_ct_generic_timeout ]; then echo 120 > /proc/sys/net/ipv4/netfilter/ip_ct_generic_timeout; fi my 2 cents - -- Mario Vittorio Guenzi E-mail [EMAIL PROTECTED] Si vis pacem, para bellum -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIX8Jam6qs1ZkNrIoRAmFgAJ9nv+9IpdgjLo0nD6A32rYWoaKtsgCeK23v Qsv8vLBGd6+dARfO1VhwdZY= =tYTK -----END PGP SIGNATURE----- -- Per REVOCARE l'iscrizione alla lista, inviare un email a [EMAIL PROTECTED] con oggetto "unsubscribe". Per problemi inviare un email in INGLESE a [EMAIL PROTECTED] To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
