novena debian: skeleton router sysctl settings

3 files changed, 17 insertions, 0 deletions

diff --git a/polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf b/polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf
new file mode 100644
index 000000000..43598fde6
--- /dev/null
+++ b/polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf
@@ -0,0 +1,8 @@
+# Uncomment the next line to enable packet forwarding for IPv4
+# Enable for router, disable for laptop
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
diff --git a/polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf b/polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf
new file mode 100644
index 000000000..5a9d70051
--- /dev/null
+++ b/polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf
@@ -0,0 +1,4 @@
+# Enable for (more) privacy with laptops
+# Disable for router
+#net.ipv6.conf.all.use_tempaddr=2
+#net.ipv6.conf.default.use_tempaddr=2
diff --git a/polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf b/polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf
new file mode 100644
index 000000000..9d1daa83d
--- /dev/null
+++ b/polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf
@@ -0,0 +1,5 @@
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1