1
0
mirror of https://github.com/tonusoo/koduinternet-cpe synced 2024-11-23 19:41:01 +02:00
koduinternet-cpe/conf/etc/sysctl.conf

86 lines
3.0 KiB
Plaintext
Raw Normal View History

2023-06-15 17:55:10 +03:00
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
# Disable IPv6 on IPTV VLAN-interface.
net.ipv6.conf.wan0/4.disable_ipv6=1
# Disable IPv6 on Telia mobile broadband interface.
net.ipv6.conf.wwan0.disable_ipv6=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
# By default the ICMP "echo reply" messages are not
# rate limited. Adjust the "icmp_ratemask" as router
# is pingable from the Internet and relax the minimal
# space between responses to 0.1s.
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
net.ipv4.icmp_ratemask=88089
net.ipv4.icmp_ratelimit=100
###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438
# Ignore routes whose link is down when performing a FIB lookup.
# This ensures instant failover from wan0 to wwan0 and vice versa.
net.ipv4.conf.wan0.ignore_routes_with_linkdown=1
net.ipv4.conf.wwan0.ignore_routes_with_linkdown=1