aboutsummaryrefslogtreecommitdiffstats
path: root/config/includes.chroot/etc/sysctl.conf
diff options
context:
space:
mode:
Diffstat (limited to 'config/includes.chroot/etc/sysctl.conf')
-rw-r--r--config/includes.chroot/etc/sysctl.conf15
1 files changed, 15 insertions, 0 deletions
diff --git a/config/includes.chroot/etc/sysctl.conf b/config/includes.chroot/etc/sysctl.conf
index 916e972..b8460d0 100644
--- a/config/includes.chroot/etc/sysctl.conf
+++ b/config/includes.chroot/etc/sysctl.conf
@@ -3,3 +3,18 @@ vm.laptop_mode=5
vm.swappiness=0
vm.dirty_writeback_centisecs=1500
vm.dirty_expire_centisecs=1500
+
+# Use randomized addresses for IPv6
+net.ipv6.conf.all.use_tempaddr=2
+net.ipv6.conf.default.use_tempaddr=2
+
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+net.ipv4.conf.all.secure_redirects = 1
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+net.ipv4.conf.default.rp_filter=1
+net.ipv4.conf.all.rp_filter=1
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-28 23:07:11 +0000