diff --git a/README.md b/README.md
index 5a7e36b..20d4f9b 100644
--- a/README.md
+++ b/README.md
@@ -102,8 +102,8 @@ Networking:
 - Disable ICMP redirect acceptance and redirect sending messages to prevent
   man-in-the-middle attacks and minimize information disclosure.
 
-- Optional - Deny sending and receiving shared media redirects to reduce
-  the risk of IP spoofing attacks.
+- Deny sending and receiving shared media redirects to reduce the risk of IP
+  spoofing attacks.
 
 - Optional - Enable ARP filtering to mitigate some ARP spoofing and ARP
   cache poisoning attacks.
diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 02cbf4e..046a2cf 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -451,7 +451,7 @@ net.ipv6.conf.*.accept_redirects=0
 ## https://datatracker.ietf.org/doc/html/rfc1620
 ## https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/theconfvariables.html
 ##
-#net.ipv4.conf.*.shared_media=0
+net.ipv4.conf.*.shared_media=0
 
 ## Enable ARP (Address Resolution Protocol) filtering.
 ## Prevents the Linux kernel from handling the ARP table globally