mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-02-06 09:09:29 +07:00
Add some IPv6 options
This commit is contained in:
flawedworld
GitHub
parent
944fed3c45
commit
8f7727e823
@ -82,6 +82,8 @@ net.ipv6.conf.default.accept_redirects=0
|
|||||||
## Disables ICMP redirect sending.
|
## Disables ICMP redirect sending.
|
||||||
net.ipv4.conf.all.send_redirects=0
|
net.ipv4.conf.all.send_redirects=0
|
||||||
net.ipv4.conf.default.send_redirects=0
|
net.ipv4.conf.default.send_redirects=0
|
||||||
|
net.ipv6.conf.all.accept_redirects=0
|
||||||
|
net.ipv6.conf.default.accept_redirects=0
|
||||||
|
|
||||||
## Ignores ICMP requests.
|
## Ignores ICMP requests.
|
||||||
net.ipv4.icmp_echo_ignore_all=1
|
net.ipv4.icmp_echo_ignore_all=1
|
||||||
@ -92,6 +94,8 @@ net.ipv4.tcp_syncookies=1
|
|||||||
## Disable source routing.
|
## Disable source routing.
|
||||||
net.ipv4.conf.all.accept_source_route=0
|
net.ipv4.conf.all.accept_source_route=0
|
||||||
net.ipv4.conf.default.accept_source_route=0
|
net.ipv4.conf.default.accept_source_route=0
|
||||||
|
net.ipv6.conf.all.accept_source_route=0
|
||||||
|
net.ipv6.conf.default.accept_source_route=0
|
||||||
|
|
||||||
## Enable reverse path filtering to prevent IP spoofing and
|
## Enable reverse path filtering to prevent IP spoofing and
|
||||||
## mitigate vulnerabilities such as CVE-2019-14899.
|
## mitigate vulnerabilities such as CVE-2019-14899.
|
||||||
@ -149,3 +153,8 @@ vm.swappiness=1
|
|||||||
## Disallow kernel profiling by users without CAP_SYS_ADMIN
|
## Disallow kernel profiling by users without CAP_SYS_ADMIN
|
||||||
## https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
## https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
|
||||||
kernel.perf_event_paranoid=3
|
kernel.perf_event_paranoid=3
|
||||||
|
|
||||||
|
# Do not accept router advertisments
|
||||||
|
net.ipv6.conf.all.accept_ra=0
|
||||||
|
net.ipv6.conf.default.accept_ra=0
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user