2019-10-07 01:30:56 -04:00
|
|
|
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
|
|
|
|
## See the file COPYING for copying conditions.
|
2019-05-06 11:45:53 -04:00
|
|
|
|
2019-10-07 01:30:56 -04:00
|
|
|
#### meta start
|
|
|
|
|
#### project Whonix
|
|
|
|
|
#### category networking and security
|
2019-10-07 04:24:02 -04:00
|
|
|
#### description
|
|
|
|
|
## TCP/IP stack hardening
|
2019-10-07 01:30:56 -04:00
|
|
|
|
|
|
|
|
## Protects against time-wait assassination.
|
|
|
|
|
## It drops RST packets for sockets in the time-wait state.
|
2019-05-06 11:45:53 -04:00
|
|
|
net.ipv4.tcp_rfc1337=1
|
|
|
|
|
|
2019-10-07 01:30:56 -04:00
|
|
|
## Disables ICMP redirect acceptance.
|
2019-05-06 11:45:53 -04:00
|
|
|
net.ipv4.conf.all.accept_redirects=0
|
|
|
|
|
net.ipv4.conf.default.accept_redirects=0
|
|
|
|
|
net.ipv4.conf.all.secure_redirects=0
|
|
|
|
|
net.ipv4.conf.default.secure_redirects=0
|
|
|
|
|
net.ipv6.conf.all.accept_redirects=0
|
|
|
|
|
net.ipv6.conf.default.accept_redirects=0
|
|
|
|
|
|
2019-10-07 01:30:56 -04:00
|
|
|
## Disables ICMP redirect sending.
|
2019-05-06 11:45:53 -04:00
|
|
|
net.ipv4.conf.all.send_redirects=0
|
|
|
|
|
net.ipv4.conf.default.send_redirects=0
|
|
|
|
|
|
2019-10-07 01:30:56 -04:00
|
|
|
## Ignores ICMP requests.
|
2019-05-06 11:45:53 -04:00
|
|
|
net.ipv4.icmp_echo_ignore_all=1
|
2019-06-27 14:17:58 -04:00
|
|
|
|
2019-10-07 01:30:56 -04:00
|
|
|
## Enables TCP syncookies.
|
2019-06-27 14:17:58 -04:00
|
|
|
net.ipv4.tcp_syncookies=1
|
|
|
|
|
|
2019-10-07 01:30:56 -04:00
|
|
|
## Disable source routing.
|
2019-06-27 14:17:58 -04:00
|
|
|
net.ipv4.conf.all.accept_source_route=0
|
|
|
|
|
net.ipv4.conf.default.accept_source_route=0
|
2019-10-07 01:30:56 -04:00
|
|
|
|
|
|
|
|
#### meta end
|
