I was wondering if any of the options for the interfaces do the same thing
as any of these? I have read the docs and it seems that there are a
couple options that do this but I'm not sure how to check to see if stuff
is enabled or disabled.
Flame away.
# SYN Cookie Protection
/bin/echo "1" > /proc/sys/net/ipv4/tcp_syncookies
# Disable response to ping
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Disable response to broadcasts
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Don't accept source routed packets
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects
# Disable ICMP redirect acceptance
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
# Enable bad error message protection
/bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Turn on reverse path filtering
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
/bin/echo "1" > ${interface}
done
# Log spoofed packets, source routed packets, redirect packets
/bin/echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
#
--
Joe
***
I can only please one person a day.
Today is not your day and tomorrow doesn't look good either.
***
On Tue, 2003-08-05 at 07:43, Joe Gofton wrote:
> I was wondering if any of the options for the interfaces do the same thing
> as any of these?

The "routefilter" interface option (and ROUTEFILTER variable in
shorewall.conf) are associated with rp_filter. The IP_FORWARDING variable
controls ip_forward.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
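
On the "how to check" part of the question, an added example that is not part of either message: a POSIX shell audit that reads back each /proc/sys/net/ipv4 entry the posted script writes and compares it with the value the script sets. The function names, the EXPECTED list layout and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read back the settings written by the script in the post.
# The root directory is a parameter (an assumption of this example) so the
# audit can run against a constructed tree as well as the live /proc.

# Expected settings as "relative/path=value", copied from the posted script.
EXPECTED='tcp_syncookies=1
icmp_echo_ignore_all=1
icmp_echo_ignore_broadcasts=1
conf/all/accept_source_route=0
conf/all/send_redirects=0
conf/all/accept_redirects=0
icmp_ignore_bogus_error_responses=1
conf/all/log_martians=1
ip_forward=1'

# check_one ROOT KEY WANT: print a status line; return 1 if missing or different.
check_one() {
    file="$1/$2"
    if [ ! -r "$file" ]; then
        echo "MISSING  $2"
        return 1
    fi
    got=$(cat "$file")
    if [ "$got" = "$3" ]; then
        echo "OK       $2 = $got"
    else
        echo "MISMATCH $2 = $got (want $3)"
        return 1
    fi
}

# audit_sysctls [ROOT]: check every setting; exit status is the failure count.
audit_sysctls() {
    root="${1:-/proc/sys/net/ipv4}"
    failures=0
    for entry in $EXPECTED; do
        check_one "$root" "${entry%%=*}" "${entry#*=}" || failures=$((failures + 1))
    done
    # The post sets rp_filter per interface, so check every conf/*/ entry.
    for f in "$root"/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        check_one "$root" "${f#"$root"/}" 1 || failures=$((failures + 1))
    done
    return "$failures"
}
```

Source the file and call `audit_sysctls` with no argument to check the running system; a non-zero exit status is the number of settings that are missing or differ from the script's values.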