aboutsummaryrefslogtreecommitdiffstats
path: root/files/etc/sysctl.d/local.conf
diff options
context:
space:
mode:
authorMohammed Amar-Bensaber <renken@shione.net>2024-08-27 22:22:06 +0200
committerMohammed Amar-Bensaber <renken@shione.net>2024-08-27 22:22:06 +0200
commit3ef40e24e481a9dd8ecbace66506b686a4ec3c4e (patch)
treebc486a5bc4fcc13cfc4d93ce957dc72a0d34c4a0 /files/etc/sysctl.d/local.conf
parent9a6e5684faea822196b88ecf98cf28e42b832a75 (diff)
downloadshione-3ef40e24e481a9dd8ecbace66506b686a4ec3c4e.tar.gz
shione-3ef40e24e481a9dd8ecbace66506b686a4ec3c4e.zip
wireguard: init config package
Diffstat (limited to 'files/etc/sysctl.d/local.conf')
-rw-r--r--files/etc/sysctl.d/local.conf67
1 files changed, 67 insertions, 0 deletions
diff --git a/files/etc/sysctl.d/local.conf b/files/etc/sysctl.d/local.conf
new file mode 100644
index 0000000..cdb2b10
--- /dev/null
+++ b/files/etc/sysctl.d/local.conf
@@ -0,0 +1,67 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+###################################################################
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all, >1 bitmask of sysrq functions
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
+# for what other values do
+#kernel.sysrq=438