# Kernel sysctl configuration file for Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # The following line is necessary for GFS to function properly. kernel.panic_on_oops = 1 # Additional settings by WP 8/4/05: # Disables replies to broadcast ICMP echo (ping), to # prevent a common DoS attack: net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable all source routing and ICMP redirects: net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.eth0.accept_source_route = 0 net.ipv4.conf.lo.accept_source_route = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 net.ipv4.conf.lo.accept_redirects = 0 # Enable source route verification: net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.lo.rp_filter = 1 # Disable ipv6 (except on lo): net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.eth0.autoconf = 0 net.ipv6.conf.lo.autoconf = 1