1#
2# Configuration file for setting network variables. Please note these settings
3# override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please
4# adjust IPT_SYSCTL in /etc/default/ufw.
5#
6
7# Uncomment this to allow this host to route packets between interfaces
8#net/ipv4/ip_forward=1
9#net/ipv6/conf/default/forwarding=1
10#net/ipv6/conf/all/forwarding=1
11
12# Turn on Source Address Verification (strict reverse-path filtering) on all
13# interfaces to prevent some spoofing attacks
14net/ipv4/conf/default/rp_filter=1
15net/ipv4/conf/all/rp_filter=1
16
17# Do not accept IP source route packets (we are not a router)
18net/ipv4/conf/default/accept_source_route=0
19net/ipv4/conf/all/accept_source_route=0
20net/ipv6/conf/default/accept_source_route=0
21net/ipv6/conf/all/accept_source_route=0
22
23# Disable ICMP redirects. ICMP redirects are rarely used but can be used in
24# MITM (man-in-the-middle) attacks. Disabling ICMP redirects may disrupt
25# legitimate traffic on networks that rely on them.
26net/ipv4/conf/default/accept_redirects=0
27net/ipv4/conf/all/accept_redirects=0
28net/ipv6/conf/default/accept_redirects=0
29net/ipv6/conf/all/accept_redirects=0
30
31# Ignore bogus ICMP errors and broadcast echo requests; still answer unicast pings
32net/ipv4/icmp_echo_ignore_broadcasts=1
33net/ipv4/icmp_ignore_bogus_error_responses=1
34net/ipv4/icmp_echo_ignore_all=0
35
36# Don't log Martian Packets (impossible packets); set to 1 to record them in the kernel log
37net/ipv4/conf/default/log_martians=0
38net/ipv4/conf/all/log_martians=0
39
40# Change to '1' to enable TCP/IP SYN cookies (SYN flood mitigation, off as set
41# below). This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167)
42net/ipv4/tcp_syncookies=0
43
44#net/ipv4/tcp_fin_timeout=30
45#net/ipv4/tcp_keepalive_intvl=1800
46
47# normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or
48# earlier pf firewall, should set this to 0
49net/ipv4/tcp_sack=1
50
51# Uncomment this to turn off ipv6 autoconfiguration
52#net/ipv6/conf/default/autoconf=0
53#net/ipv6/conf/all/autoconf=0
54
55# Uncomment this to enable ipv6 privacy addressing
56#net/ipv6/conf/default/use_tempaddr=2
57#net/ipv6/conf/all/use_tempaddr=2