## TCP/IP stack hardening # Protects against time-wait assassination. It drops RST packets for sockets in the time-wait state. net.ipv4.tcp_rfc1337=1 # Disables ICMP redirect acceptance. net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0 net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.default.accept_redirects=0 # Disables ICMP redirect sending. net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.default.send_redirects=0 # Ignores ICMP requests. net.ipv4.icmp_echo_ignore_all=1 # Enables TCP syncookies. net.ipv4.tcp_syncookies=1 # Disable source routing. net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0