Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Guida di Installazione Scaricare il pdf (Pagina 72)

[ −e /proc/sys/net/ipv4/conf/all/log_martians ] &&\

echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

[ −e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ] &&\

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

[ −e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ] &&\

echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

## Optional from here on down, depending on your situation. ############

# Ensure ip−forwarding is enabled if

# we want to do forwarding or masquerading.

[ −e /proc/sys/net/ipv4/ip_forward ] &&\

echo 1 > /proc/sys/net/ipv4/ip_forward

# On if your IP is dynamic (or you don't know).

[ −e /proc/sys/net/ipv4/ip_dynaddr ] &&\

echo 1 > /proc/sys/net/ipv4/ip_dynaddr

# eof

The same effect by using /etc/sysctl.conf instead:

# Add to existing sysctl.conf

# Anti−spoofing blocks

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.all.rp_filter = 1

# Ensure source routing is OFF

net.ipv4.conf.default.accept_source_route = 0

net.ipv4.conf.all.accept_source_route = 0

# Ensure TCP SYN cookies protection is enabled

net.ipv4.tcp_syncookies = 1

# Ensure ICMP redirects are disabled

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.all.accept_redirects = 0

# Ensure oddball addresses are logged

net.ipv4.conf.default.log_martians = 1

net.ipv4.conf.all.log_martians = 1

net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.icmp_ignore_bogus_error_responses = 1

## Optional from here on down, depending on your situation. ############

# Ensure ip−forwarding is enabled if

# we want to do forwarding or masquerading.

net.ipv4.ip_forward = 1

# On if your IP is dynamic (or you don't know).

Security Quick−Start HOWTO for Red Hat Linux

8.8. Sysctl Options 69

1 2 ... 67 68 69 70 71 72 73 74 75 76 77 ... 81 82

Nessun commento

Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Guida di Installazione Pagina 72