Merge pull request #39 from madaidan/rp_filter

Enable reverse path filtering
Patrick Schleizer 2019-12-05 20:33:47 +00:00 committed by GitHub
commit 9679292878
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions

debian/control vendored

@ -43,8 +43,9 @@ Description: enhances misc security settings
* The TCP/IP stack is hardened by disabling ICMP redirect acceptance,
ICMP redirect sending and source routing to prevent man-in-the-middle attacks,
ignoring all ICMP requests, enabling TCP syncookies to prevent SYN flood
attacks and enabling RFC1337 to protect against time-wait assassination
attacks.
attacks, enabling RFC1337 to protect against time-wait assassination
attacks and enabling reverse path filtering to prevent IP spoofing and
mitigate vulnerabilities such as CVE-2019-14899.
.
* Some data spoofing attacks are made harder.
.
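Review bot: The new wording "enabling reverse path filtering to prevent IP spoofing" in the TCP/IP bullet does not say that the filter is IPv4-only, although the sysctl lines added by this commit set only net.ipv4.conf.*.rp_filter. Suggest "enabling IPv4 reverse path filtering" so readers do not assume IPv6 is covered. "Prevent" also overstates the effect: the setting drops packets whose source address would not route back through the receiving interface, so "make IP spoofing harder" would be more accurate and would match the "made harder" phrasing of the next bullet.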


@ -33,4 +33,9 @@ net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
## Enable reverse path filtering to prevent IP spoofing and
## mitigate vulnerabilities such as CVE-2019-14899.
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
#### meta end
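Review bot: The comment above net.ipv4.conf.default.rp_filter=1 and net.ipv4.conf.all.rp_filter=1 does not document that the value 1 selects strict mode (2 is loose mode). Strict mode can drop legitimate traffic on multihomed hosts or with asymmetric routing, so the comment should name the mode and that trade-off for anyone who needs to override it. The kernel validates each interface with the higher of the all and per-interface values, so the all=1 line is what covers interfaces that already exist when the file is applied; a short remark on that would explain why both keys are set. Style point: the new pair is ordered default then all, while the accept_source_route lines just above are all then default; matching that order keeps the file consistent.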