Parameters of the kernel can be changed (by root) by editing
the writable files under /proc/sys.
(Not all files are writable, some just report information from
the kernel.)
A typical action looks like this:
    # cd /proc/sys/net/ipv4
    # cat ip_forward
    0
    # echo 1 > ip_forward
    #
The above commands show that the kernel was not acting as a router, but now it is.
On some Unixes you put these sorts of echo commands in
some bootup script such as rc.local.
However Linux has a neat way to manage these, from the
file /etc/sysctl.conf.
You can edit this file to change settings at boot time.
You can also run the "sysctl" command to make
changes or to examine the settings.
In this file you can have blank lines, comments
(lines starting with "#" are comments), and
lines of the form:
parameter = value
Where parameter is the absolute pathname
of the file to change, minus a leading /proc/sys/,
and with slashes ("/") changed to periods
(".").
For example the change shown above to enable routing (packet forwarding)
would look like this in the sysctl.conf file:
    # Turn on IP packet forwarding:
    net.ipv4.ip_forward = 1
Some of the security parameters of the Linux 2.6 kernel are shown below,
in a sample sysctl.conf snippet I copied
from YborStudent:
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0

    # Controls the use of TCP syncookies
    net.ipv4.tcp_syncookies = 1

    # Disables replies to broadcast ICMP echo (ping), to
    # prevent a common DoS attack:
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Disable all source routing and ICMP redirects:
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0

    # Enable (basic) source IP address verification:
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
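
The name-to-path rule described above can be used to check that the running kernel still matches a hardening file like this one. The following is an added example, not part of the original page: the function names and the optional PROC_ROOT argument are hypothetical, and it assumes no path component (such as an interface name) contains a period.

```shell
#!/bin/sh
# Added example (not from the original page): compare the settings in a
# sysctl.conf-style file with the live values under /proc/sys.
# Function names and the PROC_ROOT argument are hypothetical.

# Collapse runs of whitespace and trim both ends (the kernel separates
# multi-value entries with tabs).
norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# "net.ipv4.ip_forward" -> "net/ipv4/ip_forward".
# Assumes no path component (e.g. an interface name) contains a period.
sysctl_key_to_relpath() { printf '%s\n' "$1" | tr '.' '/'; }

# audit_sysctl CONF [PROC_ROOT]
# Prints OK, DRIFT (live value differs) or MISSING (absent or unreadable)
# for each setting; returns 0 only if every setting is OK. Writes nothing.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | norm)
        case $line in
            ''|'#'*) continue ;;   # blank line or comment
            *=*) ;;                # parameter = value
            *) continue ;;         # anything else is ignored here
        esac
        key=$(printf '%s' "${line%%=*}" | norm)
        want=$(printf '%s' "${line#*=}" | norm)
        path=$root/$(sysctl_key_to_relpath "$key")
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            bad=1
            continue
        fi
        have=$(norm < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "DRIFT $key: live=$have configured=$want"
            bad=1
        fi
    done < "$conf"
    return "$bad"
}
```

After sourcing the file, "audit_sysctl /etc/sysctl.conf" checks the real system; a DRIFT line means something changed the value after boot, since editing the file alone does not alter the running kernel.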