diff options
Diffstat (limited to 'etc/sysctl.d/99-sysctl.conf')
| -rw-r--r-- | etc/sysctl.d/99-sysctl.conf | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf index 6d21fda..3177c28 100644 --- a/etc/sysctl.d/99-sysctl.conf +++ b/etc/sysctl.d/99-sysctl.conf @@ -17,3 +17,16 @@ net.ipv4.tcp_mtu_probing = 1 net.core.default_qdisc = cake net.ipv4.tcp_congestion_control = bbr vm.vfs_cache_pressure = 50 + +# Network hardening +net.ipv4.conf.all.rp_filter = 2 +net.ipv4.conf.default.rp_filter = 2 +net.ipv4.conf.all.accept_redirects = 0 +net.ipv4.conf.default.accept_redirects = 0 +net.ipv6.conf.all.accept_redirects = 0 +net.ipv6.conf.default.accept_redirects = 0 +net.ipv4.conf.all.send_redirects = 0 +net.ipv4.conf.default.send_redirects = 0 +net.ipv4.conf.all.accept_source_route = 0 +net.ipv6.conf.all.accept_source_route = 0 +net.ipv4.conf.all.log_martians = 1 |