mirror of
https://github.com/tonusoo/koduinternet-cpe
synced 2024-11-14 15:20:59 +02:00
86 lines
3.0 KiB
Plaintext
86 lines
3.0 KiB
Plaintext
|
#
|
||
|
# /etc/sysctl.conf - Configuration file for setting system variables
|
||
|
# See /etc/sysctl.d/ for additional system variables.
|
||
|
# See sysctl.conf (5) for information.
|
||
|
#
|
||
|
|
||
|
#kernel.domainname = example.com
|
||
|
|
||
|
# Uncomment the following to stop low-level messages on console
|
||
|
#kernel.printk = 3 4 1 3
|
||
|
|
||
|
##############################################################3
|
||
|
# Functions previously found in netbase
|
||
|
#
|
||
|
|
||
|
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||
|
# Turn on Source Address Verification in all interfaces to
|
||
|
# prevent some spoofing attacks
|
||
|
#net.ipv4.conf.default.rp_filter=1
|
||
|
#net.ipv4.conf.all.rp_filter=1
|
||
|
|
||
|
# Uncomment the next line to enable TCP/IP SYN cookies
|
||
|
# See http://lwn.net/Articles/277146/
|
||
|
# Note: This may impact IPv6 TCP sessions too
|
||
|
#net.ipv4.tcp_syncookies=1
|
||
|
|
||
|
# Uncomment the next line to enable packet forwarding for IPv4
|
||
|
net.ipv4.ip_forward=1
|
||
|
|
||
|
# Uncomment the next line to enable packet forwarding for IPv6
|
||
|
# Enabling this option disables Stateless Address Autoconfiguration
|
||
|
# based on Router Advertisements for this host
|
||
|
net.ipv6.conf.all.forwarding=1
|
||
|
|
||
|
# Disable IPv6 on IPTV VLAN-interface.
|
||
|
net.ipv6.conf.wan0/4.disable_ipv6=1
|
||
|
|
||
|
# Disable IPv6 on Telia mobile broadband interface.
|
||
|
net.ipv6.conf.wwan0.disable_ipv6=1
|
||
|
|
||
|
###################################################################
|
||
|
# Additional settings - these settings can improve the network
|
||
|
# security of the host and prevent against some network attacks
|
||
|
# including spoofing attacks and man in the middle attacks through
|
||
|
# redirection. Some network environments, however, require that these
|
||
|
# settings are disabled so review and enable them as needed.
|
||
|
#
|
||
|
# Do not accept ICMP redirects (prevent MITM attacks)
|
||
|
#net.ipv4.conf.all.accept_redirects = 0
|
||
|
#net.ipv6.conf.all.accept_redirects = 0
|
||
|
# _or_
|
||
|
# Accept ICMP redirects only for gateways listed in our default
|
||
|
# gateway list (enabled by default)
|
||
|
# net.ipv4.conf.all.secure_redirects = 1
|
||
|
#
|
||
|
# Do not send ICMP redirects (we are not a router)
|
||
|
#net.ipv4.conf.all.send_redirects = 0
|
||
|
#
|
||
|
# Do not accept IP source route packets (we are not a router)
|
||
|
#net.ipv4.conf.all.accept_source_route = 0
|
||
|
#net.ipv6.conf.all.accept_source_route = 0
|
||
|
#
|
||
|
# Log Martian Packets
|
||
|
#net.ipv4.conf.all.log_martians = 1
|
||
|
#
|
||
|
# By default the ICMP "echo reply" messages are not
|
||
|
# rate limited. Adjust the "icmp_ratemask" as router
|
||
|
# is pingable from the Internet and relax the minimal
|
||
|
# space between responses to 0.1s.
|
||
|
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
|
||
|
net.ipv4.icmp_ratemask=88089
|
||
|
net.ipv4.icmp_ratelimit=100
|
||
|
|
||
|
|
||
|
###################################################################
|
||
|
# Magic system request Key
|
||
|
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
|
||
|
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
|
||
|
# for what other values do
|
||
|
#kernel.sysrq=438
|
||
|
|
||
|
# Ignore routes whose link is down when performing a FIB lookup.
|
||
|
# This ensures instant failover from wan0 to wwan0 and vice versa.
|
||
|
net.ipv4.conf.wan0.ignore_routes_with_linkdown=1
|
||
|
net.ipv4.conf.wwan0.ignore_routes_with_linkdown=1
|