## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

#### meta start
#### project Whonix
#### category networking and security
#### description TCP/IP stack hardening

## Protects against time-wait assassination.
## It drops RST packets for sockets in the time-wait state.
net.ipv4.tcp_rfc1337=1

## Disables ICMP redirect acceptance.
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0

## Disables ICMP redirect sending.
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0

## Ignores ICMP requests.
net.ipv4.icmp_echo_ignore_all=1

## Enables TCP syncookies.
net.ipv4.tcp_syncookies=1

## Disable source routing.
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0

#### meta end