TCP/IP Stack Hardening
by dominee on Oct.22, 2009, under HOWTO, security
source: http://www.cromwell-intl.com/security/security-stack-hardening.html
#Disable ICMP broadcast echo activity.
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
#Disable ICMP routing redirects.
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv6.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv6.conf.all.send_redirects=0
#Disable IP source routing.
sysctl -w net.ipv4.conf.all.accept_source_route=0
sysctl -w net.ipv4.conf.all.forwarding=0
sysctl -w net.ipv4.conf.all.mc_forwarding=0
#Enforce sanity checking, also called ingress filtering or egress filtering
sysctl -w net.ipv4.conf.all.rp_filter=1
#Log and drop "Martian" packets.
sysctl -w net.ipv4.conf.all.log_martians=1
#Increase resiliance under heavy TCP load (which makes the system more resistant to SYN Flood attacks).
sysctl -w net.ipv4.tcp_max_syn_backlog=1280
sysctl -w net.ipv4.tcp_syncookies=1
