about summary refs log tree commit diff stats
path: root/core/conf/sysctl.conf
diff options
context:
space:
mode:
authorSilvino Silva <silvino@bk.ru>2020-02-07 03:41:45 +0000
committerSilvino Silva <silvino@bk.ru>2020-02-15 00:56:46 +0000
commita947a31ede27fdf995e0a63e766fcd68eb491426 (patch)
tree74c749814fc91a22148b637b90507c78c56e02c8 /core/conf/sysctl.conf
parentac7c572733282e49801b16531d841682e3ab1b5a (diff)
downloaddoc-a947a31ede27fdf995e0a63e766fcd68eb491426.tar.gz
System configuration update
Diffstat (limited to 'core/conf/sysctl.conf')
-rw-r--r--core/conf/sysctl.conf17


1 files changed, 9 insertions, 8 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index 3cc54d1..2a8723b 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -34,6 +34,8 @@ kernel.kptr_restrict = 2
 #
 
 net.core.bpf_jit_enable = 0
+# harden all code
+net.core.bpf_jit_harden = 2
 
 # Increase Linux auto tuning TCP buffer limits
 # min, default, and max number of bytes to use
@@ -54,13 +56,13 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 
 # Tuen IPv6
-#net.ipv6.conf.default.router_solicitations = 0
-#net.ipv6.conf.default.accept_ra_rtr_pref = 0
-#net.ipv6.conf.default.accept_ra_pinfo = 0
-#net.ipv6.conf.default.accept_ra_defrtr = 0
-#net.ipv6.conf.default.autoconf = 0
-#net.ipv6.conf.default.dad_transmits = 0
-#net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.default.dad_transmits = 0
+net.ipv6.conf.default.max_addresses = 0
 
 # Avoid a smurf attack, ping scanning
 net.ipv4.icmp_echo_ignore_broadcasts = 1
@@ -140,4 +142,3 @@ net.ipv4.tcp_keepalive_time = 1800
 net.ipv4.tcp_synack_retries = 3
 
 # End of file
-

 

generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-09-18 07:28:41 +0000