diff options
author | Mohammed Amar-Bensaber <renken@shione.net> | 2024-08-27 22:22:06 +0200 |
---|---|---|
committer | Mohammed Amar-Bensaber <renken@shione.net> | 2024-08-27 22:22:06 +0200 |
commit | 3ef40e24e481a9dd8ecbace66506b686a4ec3c4e (patch) | |
tree | bc486a5bc4fcc13cfc4d93ce957dc72a0d34c4a0 /files/etc/sysctl.d | |
parent | 9a6e5684faea822196b88ecf98cf28e42b832a75 (diff) | |
download | shione-3ef40e24e481a9dd8ecbace66506b686a4ec3c4e.tar.gz shione-3ef40e24e481a9dd8ecbace66506b686a4ec3c4e.zip |
wireguard: init config package
Diffstat (limited to 'files/etc/sysctl.d')
-rw-r--r-- | files/etc/sysctl.d/local.conf | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/files/etc/sysctl.d/local.conf b/files/etc/sysctl.d/local.conf new file mode 100644 index 0000000..cdb2b10 --- /dev/null +++ b/files/etc/sysctl.d/local.conf @@ -0,0 +1,67 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +################################################################### +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all, >1 bitmask of sysrq functions +# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html +# for what other values do +#kernel.sysrq=438 |