diff options
| author | Silvino Silva <silvino@bk.ru> | 2020-04-20 01:03:12 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2020-04-20 01:03:12 +0100 |
| commit | 6ca80c0a296cb44bc2b335211df86e8a95383cdf (patch) | |
| tree | 809ca0fc2eee0353d7040539310605d0e113b3d7 /core/conf/sysctl.conf | |
| parent | fd186246f96768b8398f0ffe32ef136cb895fa21 (diff) | |
| parent | 5eec098c537ed98f76af59c37a54cb45645cc2a6 (diff) | |
| download | doc-6ca80c0a296cb44bc2b335211df86e8a95383cdf.tar.gz | |
Merge branch 'master' into develop
Diffstat (limited to 'core/conf/sysctl.conf')
| -rw-r--r-- | core/conf/sysctl.conf | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf index 3cc54d1..2a8723b 100644 --- a/core/conf/sysctl.conf +++ b/core/conf/sysctl.conf @@ -34,6 +34,8 @@ kernel.kptr_restrict = 2 # net.core.bpf_jit_enable = 0 +# harden all code +net.core.bpf_jit_harden = 2 # Increase Linux auto tuning TCP buffer limits # min, default, and max number of bytes to use @@ -54,13 +56,13 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 # Tuen IPv6 -#net.ipv6.conf.default.router_solicitations = 0 -#net.ipv6.conf.default.accept_ra_rtr_pref = 0 -#net.ipv6.conf.default.accept_ra_pinfo = 0 -#net.ipv6.conf.default.accept_ra_defrtr = 0 -#net.ipv6.conf.default.autoconf = 0 -#net.ipv6.conf.default.dad_transmits = 0 -#net.ipv6.conf.default.max_addresses = 0 +net.ipv6.conf.default.router_solicitations = 0 +net.ipv6.conf.default.accept_ra_rtr_pref = 0 +net.ipv6.conf.default.accept_ra_pinfo = 0 +net.ipv6.conf.default.accept_ra_defrtr = 0 +net.ipv6.conf.default.autoconf = 0 +net.ipv6.conf.default.dad_transmits = 0 +net.ipv6.conf.default.max_addresses = 0 # Avoid a smurf attack, ping scanning net.ipv4.icmp_echo_ignore_broadcasts = 1 @@ -140,4 +142,3 @@ net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_synack_retries = 3 # End of file - |