/* sysctl */

This commit is contained in:
Blotter 2013-04-22 23:39:09 +00:00
parent 696c14a45b
commit d82aa0600c


@ -229,31 +229,33 @@
=== sysctl ===
* /etc/sysctl.d/local.conf
** # Enables packet forwarding
** net.ipv4.ip_forward = 1
** # Enables source route verification
** net.ipv4.conf.default.rp_filter = 1
** # Enables reverse path
** net.ipv4.conf.all.rp_filter = 1
** # Ignorieren von broadcast pings
** net.ipv4.icmp_echo_ignore_broadcasts = 1
** # Sperren von quellbasierendem Paket-Routing
** net.ipv4.conf.all.accept_source_route = 0
** # Annahme von Umleitungen verweigern
** net.ipv4.conf.all.accept_redirects = 0
** # Schutz gegen falsche Fehlermeldungen
** net.ipv4.icmp_ignore_bogus_error_responses = 1
** # Protokollieren aller Pakete die gespoofed sind, quellbasierendes Routing haben oder umleiten
** net.ipv4.conf.all.log_martians = 1
** # kernel:_Neighbour_table_overflow
** net.ipv6.neigh.default.gc_thresh1 = 512
** # 2 * gc_thresh1
** net.ipv6.neigh.default.gc_thresh2 = 2048
** # 2 * gc_thresh2
** net.ipv6.neigh.default.gc_thresh3 = 4096
** # disable iptables traffic in the bridge
** net.bridge.bridge-nf-call-ip6tables = 0
** net.bridge.bridge-nf-call-iptables = 0
<code>
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Enables reverse path
net.ipv4.conf.all.rp_filter = 1
# Ignorieren von broadcast pings
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Sperren von quellbasierendem Paket-Routing
net.ipv4.conf.all.accept_source_route = 0
# Annahme von Umleitungen verweigern
net.ipv4.conf.all.accept_redirects = 0
# Schutz gegen falsche Fehlermeldungen
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Protokollieren aller Pakete die gespoofed sind, quellbasierendes Routing haben oder umleiten
net.ipv4.conf.all.log_martians = 1
# kernel:_Neighbour_table_overflow
net.ipv6.neigh.default.gc_thresh1 = 512
# 2 * gc_thresh1
net.ipv6.neigh.default.gc_thresh2 = 2048
# 2 * gc_thresh2
net.ipv6.neigh.default.gc_thresh3 = 4096
# disable iptables traffic in the bridge
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
</code>
=== iptables ===
* MASQUERADE fehlt