From 750367a9066ca2a0ff819b438a92cb1f6c325edb Mon Sep 17 00:00:00 2001 From: raja-grewal Date: Thu, 19 Dec 2024 10:29:56 +0000 Subject: [PATCH 1/2] Set `net.ipv4.conf.*.shared_media=0` --- README.md | 4 ++-- usr/lib/sysctl.d/990-security-misc.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index df12ba2..7f35178 100644 --- a/README.md +++ b/README.md @@ -102,8 +102,8 @@ Networking: - Disable ICMP redirect acceptance and redirect sending messages to prevent man-in-the-middle attacks and minimize information disclosure. -- Optional - Deny sending and receiving shared media redirects to reduce - the risk of IP spoofing attacks. +- Deny sending and receiving shared media redirects to reduce the risk of IP + spoofing attacks. - Optional - Enable ARP filtering to mitigate some ARP spoofing and ARP cache poisoning attacks. diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf index 4cf6bb6..30fe4f6 100644 --- a/usr/lib/sysctl.d/990-security-misc.conf +++ b/usr/lib/sysctl.d/990-security-misc.conf @@ -451,7 +451,7 @@ net.ipv6.conf.*.accept_redirects=0 ## https://datatracker.ietf.org/doc/html/rfc1620 ## https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/theconfvariables.html ## -#net.ipv4.conf.*.shared_media=0 +net.ipv4.conf.*.shared_media=0 ## Enable ARP (Address Resolution Protocol) filtering. ## Prevents the Linux kernel from handling the ARP table globally From 5e3785d76e616f49407e720b37138f35a50fe4fb Mon Sep 17 00:00:00 2001 From: raja-grewal Date: Wed, 8 Jan 2025 18:35:52 +1100 Subject: [PATCH 2/2] README.md: Remove double space --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f35178..3df75fb 100644 --- a/README.md +++ b/README.md 
@@ -102,7 +102,7 @@ Networking: - Disable ICMP redirect acceptance and redirect sending messages to prevent man-in-the-middle attacks and minimize information disclosure. -- Deny sending and receiving shared media redirects to reduce the risk of IP +- Deny sending and receiving shared media redirects to reduce the risk of IP spoofing attacks. - Optional - Enable ARP filtering to mitigate some ARP spoofing and ARP
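Review bot: In the README.md hunk of patch 1/2, the reworded bullet ("Deny sending and receiving shared media redirects ...") sits directly under the bullet that already says ICMP redirect acceptance and sending are disabled, and it does not say what this setting covers beyond that. Now that the item is no longer marked "Optional", suggest adding a clause on how it relates to the redirect settings listed above it, so a reader can tell why both are needed.
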
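Review bot: In the usr/lib/sysctl.d/990-security-misc.conf hunk of patch 1/2, `net.ipv4.conf.*.shared_media=0` goes from commented out to active, but the commit message is only a subject line and the visible comment context shows just the two reference URLs. Please state the reason for moving this from opt-in to default, and any network configurations expected to behave differently, in the commit body or in the comment block above the setting.
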
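Review bot: Patch 2/2 only corrects whitespace on the README.md bullet that patch 1/2 adds (its index line starts from 7f35178, the blob patch 1/2 produces). Suggest squashing it into 1/2 so the series does not introduce and then fix the same line.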