From a80f0eaeb3b3a3591d1e00866a36dc51d89e26f0 Mon Sep 17 00:00:00 2001
From: bnewbold <bnewbold@robocracy.org>
Date: Sun, 25 Aug 2013 03:49:31 +0000
Subject: novena debian: skeleton router sysctl settings

---
 polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf   | 8 ++++++++
 polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf   | 4 ++++
 polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf | 5 +++++
 3 files changed, 17 insertions(+)
 create mode 100644 polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf
 create mode 100644 polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf
 create mode 100644 polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf

diff --git a/polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf b/polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf
new file mode 100644
index 000000000..43598fde6
--- /dev/null
+++ b/polystrap/novena/root/etc/sysctl.d/50-ip-forwarding.conf
@@ -0,0 +1,8 @@
+# Uncomment the next line to enable packet forwarding for IPv4
+# Enable for router, disable for laptop
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
diff --git a/polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf b/polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf
new file mode 100644
index 000000000..5a9d70051
--- /dev/null
+++ b/polystrap/novena/root/etc/sysctl.d/51-ipv6-tempaddr.conf
@@ -0,0 +1,4 @@
+# Enable for (more) privacy with laptops
+# Disable for router
+#net.ipv6.conf.all.use_tempaddr=2
+#net.ipv6.conf.default.use_tempaddr=2
diff --git a/polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf b/polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf
new file mode 100644
index 000000000..9d1daa83d
--- /dev/null
+++ b/polystrap/novena/root/etc/sysctl.d/52-misc-networking.conf
@@ -0,0 +1,5 @@
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
-- 
cgit v1.2.3