#-----------------------------------------------------------------------
# sysctl.conf
# ===========
#
# Project Gentoo 4 Shuttle DS57Ux
# Scope Native
# Copyright (C) 2022 by RaySoft, Zurich, Switzerland
# License GNU General Public License (GPL) 2.0
# https://www.gnu.org/licenses/gpl2.txt
#
#-----------------------------------------------------------------------
#
# Recommendations from the Gentoo Security Handbook
# https://www.gentoo.org/doc/en/security/security-handbook.xml?full=1
#
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
#
#-----------------------------------------------------------------------
# Dynamic IP addresses: a non-zero value enables kernel support for
# interfaces whose address can change while connections are open.
net.ipv4.ip_dynaddr = 1
# Forward packets between interfaces (1 = this host routes IPv4).
# NOTE(review): confirm this machine is meant to act as a router; if it
# is not, 0 is the safer value.
# Keep this line ahead of the net.ipv4.conf.* entries below: per
# ip-sysctl.txt, changing ip_forward resets the per-interface parameters
# to their host/router defaults, which would undo settings applied earlier.
net.ipv4.ip_forward = 1
# Reverse-path filtering (source address validation), 1 = strict mode
# (RFC 3704): a packet is dropped unless the route back to its source
# address leaves through the interface it arrived on.
# The kernel applies the higher of the 'all' and per-interface values.
# Strict mode can drop legitimate traffic on asymmetric routes, which
# matters because forwarding is enabled above.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Source routing: 0 = do not accept packets carrying the SRR (source
# route) option, so a sender cannot dictate the path a packet takes.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# SYN cookies (protect against 'SYN flood' attacks): cookies are sent
# when a socket's SYN backlog queue overflows.
# Only effective if the kernel was built with CONFIG_SYN_COOKIES.
# http://cr.yp.to/syncookies.html
net.ipv4.tcp_syncookies = 1
# Redirects, inbound: 0 = ignore ICMP redirect messages, so another
# host on the link cannot alter this machine's routing.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Redirects, outbound: 0 = do not send ICMP redirect messages.
# Per ip-sysctl.txt, sending stays enabled on an interface if EITHER
# 'all' or that interface's own value is set. 'default' only seeds
# interfaces created after this file is applied, so an interface that
# already exists keeps its own value. Verify the per-interface
# net.ipv4.conf.<iface>.send_redirects values after boot.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# ICMP broadcasts: 1 = ignore ICMP ECHO and TIMESTAMP requests sent to
# broadcast/multicast addresses (avoids being used as a smurf amplifier).
net.ipv4.icmp_echo_ignore_broadcasts = 1
# RFC 1122 violations: some routers send bogus error responses to
# broadcast frames. 1 = do not log a kernel warning for them (avoids log
# clutter; it only suppresses the warning).
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Disable IPv6 operation: 'all' covers existing interfaces, 'default'
# covers interfaces created later.
# This file has no IPv6 counterparts to the IPv4 hardening above, so
# re-enabling IPv6 would leave those settings at kernel defaults.
# https://bugzilla.redhat.com/show_bug.cgi?id=641836
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1