diff options
author | ficus <ficus@robocracy.org> | 2012-11-23 19:18:56 +0100 |
---|---|---|
committer | ficus <ficus@robocracy.org> | 2012-11-23 19:18:56 +0100 |
commit | 6d09271d70fa528b1e546dad0d6f5d1697e5c027 (patch) | |
tree | 3c13bef864c736a4db6f3bf4ae26fc0560aabc85 | |
parent | 2c2bfbecdb58042acb89fa4b2831d56a534c908a (diff) | |
download | torouter-live-6d09271d70fa528b1e546dad0d6f5d1697e5c027.tar.gz torouter-live-6d09271d70fa528b1e546dad0d6f5d1697e5c027.zip |
add IPv6 randomization and misc spoofing protections
-rw-r--r-- | config/includes.chroot/etc/sysctl.conf | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/config/includes.chroot/etc/sysctl.conf b/config/includes.chroot/etc/sysctl.conf index 916e972..b8460d0 100644 --- a/config/includes.chroot/etc/sysctl.conf +++ b/config/includes.chroot/etc/sysctl.conf @@ -3,3 +3,18 @@ vm.laptop_mode=5 vm.swappiness=0 vm.dirty_writeback_centisecs=1500 vm.dirty_expire_centisecs=1500 + +# Use randomized addresses for IPv6 +net.ipv6.conf.all.use_tempaddr=2 +net.ipv6.conf.default.use_tempaddr=2 + +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +net.ipv4.conf.all.secure_redirects = 1 + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +net.ipv4.conf.default.rp_filter=1 +net.ipv4.conf.all.rp_filter=1 + |