13 lines
509 B
Plaintext
13 lines
509 B
Plaintext
|
|
# Turn on Source Address Verification in all interfaces to
|
|
# prevent some spoofing attacks.
|
|
net.ipv4.conf.default.rp_filter=1
|
|
net.ipv4.conf.all.rp_filter=1
|
|
|
|
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
|
|
# of TCP functionality/features under normal conditions. When flood
|
|
# protections kick in under high unanswered-SYN load, the system
|
|
# should remain more stable, with a trade off of some loss of TCP
|
|
# functionality/features (e.g. TCP Window scaling).
|
|
net.ipv4.tcp_syncookies=1
|