Annotation of embedaddon/strongswan/testing/hosts/default/etc/sysctl.conf, revision 1.1
1.1 ! misho 1: #
! 2: # /etc/sysctl.conf - Configuration file for setting system variables
! 3: # See /etc/sysctl.d/ for additional system variables
! 4: # See sysctl.conf (5) for information.
! 5: #
! 6:
! 7: #kernel.domainname = example.com
! 8:
! 9: # Uncomment the following to stop low-level messages on console
! 10: #kernel.printk = 3 4 1 3
! 11:
! 12: ##############################################################3
! 13: # Functions previously found in netbase
! 14: #
! 15:
! 16: # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
! 17: # Turn on Source Address Verification in all interfaces to
! 18: # prevent some spoofing attacks
! 19: #net.ipv4.conf.default.rp_filter=1
! 20: #net.ipv4.conf.all.rp_filter=1
! 21:
! 22: # Uncomment the next line to enable TCP/IP SYN cookies
! 23: # See http://lwn.net/Articles/277146/
! 24: # Note: This may impact IPv6 TCP sessions too
! 25: #net.ipv4.tcp_syncookies=1
! 26:
! 27: # Uncomment the next line to enable packet forwarding for IPv4
! 28: net.ipv4.ip_forward=1
! 29:
! 30: # Uncomment the next line to enable packet forwarding for IPv6
! 31: # Enabling this option disables Stateless Address Autoconfiguration
! 32: # based on Router Advertisements for this host
! 33: net.ipv6.conf.all.forwarding=1
! 34:
! 35:
! 36: ###################################################################
! 37: # Additional settings - these settings can improve the network
! 38: # security of the host and prevent against some network attacks
! 39: # including spoofing attacks and man in the middle attacks through
! 40: # redirection. Some network environments, however, require that these
! 41: # settings are disabled so review and enable them as needed.
! 42: #
! 43: # Do not accept ICMP redirects (prevent MITM attacks)
! 44: #net.ipv4.conf.all.accept_redirects = 0
! 45: #net.ipv6.conf.all.accept_redirects = 0
! 46: # _or_
! 47: # Accept ICMP redirects only for gateways listed in our default
! 48: # gateway list (enabled by default)
! 49: # net.ipv4.conf.all.secure_redirects = 1
! 50: #
! 51: # Do not send ICMP redirects (we are not a router)
! 52: #net.ipv4.conf.all.send_redirects = 0
! 53: #
! 54: # Do not accept IP source route packets (we are not a router)
! 55: #net.ipv4.conf.all.accept_source_route = 0
! 56: #net.ipv6.conf.all.accept_source_route = 0
! 57: #
! 58: # Log Martian Packets
! 59: #net.ipv4.conf.all.log_martians = 1
! 60:
! 61: # Enable coredump for suid binaries
! 62: fs.suid_dumpable = 1
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>