diff options
Diffstat (limited to 'core/conf/sysctl.conf')
| -rw-r--r-- | core/conf/sysctl.conf | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf index 3cc54d1..2a8723b 100644 --- a/core/conf/sysctl.conf +++ b/core/conf/sysctl.conf @@ -34,6 +34,8 @@ kernel.kptr_restrict = 2 # net.core.bpf_jit_enable = 0 +# harden all code +net.core.bpf_jit_harden = 2 # Increase Linux auto tuning TCP buffer limits # min, default, and max number of bytes to use @@ -54,13 +56,13 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 # Tuen IPv6 -#net.ipv6.conf.default.router_solicitations = 0 -#net.ipv6.conf.default.accept_ra_rtr_pref = 0 -#net.ipv6.conf.default.accept_ra_pinfo = 0 -#net.ipv6.conf.default.accept_ra_defrtr = 0 -#net.ipv6.conf.default.autoconf = 0 -#net.ipv6.conf.default.dad_transmits = 0 -#net.ipv6.conf.default.max_addresses = 0 +net.ipv6.conf.default.router_solicitations = 0 +net.ipv6.conf.default.accept_ra_rtr_pref = 0 +net.ipv6.conf.default.accept_ra_pinfo = 0 +net.ipv6.conf.default.accept_ra_defrtr = 0 +net.ipv6.conf.default.autoconf = 0 +net.ipv6.conf.default.dad_transmits = 0 +net.ipv6.conf.default.max_addresses = 0 # Avoid a smurf attack, ping scanning net.ipv4.icmp_echo_ignore_broadcasts = 1 @@ -140,4 +142,3 @@ net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_synack_retries = 3 # End of file - |