[oe-commits] John Lee : fastboot: procps: enable spoofing protection for everyone.

Tue Dec 23 13:38:29 UTC 2008

Module: openembedded.git
Branch: john_lee/fastboot-devel
Commit: 552010255a784b6f7afd55c482034703249c49d6
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=552010255a784b6f7afd55c482034703249c49d6

Author: John Lee <john_lee at openmoko.org>
Date:   Tue Dec 23 21:25:04 2008 +0800

fastboot: procps: enable spoofing protection for everyone.

---

 packages/procps/procps-3.2.7/openmoko/sysctl.conf |   64 ---------------------
 packages/procps/procps-3.2.7/sysctl.conf          |    4 +-
 2 files changed, 2 insertions(+), 66 deletions(-)

diff --git a/packages/procps/procps-3.2.7/openmoko/sysctl.conf b/packages/procps/procps-3.2.7/openmoko/sysctl.conf
deleted file mode 100644
index 34e7488..0000000
--- a/packages/procps/procps-3.2.7/openmoko/sysctl.conf
+++ /dev/null
@@ -1,64 +0,0 @@
-# This configuration file is taken from Debian.
-#
-# /etc/sysctl.conf - Configuration file for setting system variables
-# See sysctl.conf (5) for information.
-#
-
-#kernel.domainname = example.com
-
-# Uncomment the following to stop low-level messages on console
-#kernel.printk = 4 4 1 7
-
-##############################################################3
-# Functions previously found in netbase
-#
-
-# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
-# Turn on Source Address Verification in all interfaces to
-# prevent some spoofing attacks
-net.ipv4.conf.default.rp_filter=1
-net.ipv4.conf.all.rp_filter=1
-
-# Uncomment the next line to enable TCP/IP SYN cookies
-#net.ipv4.tcp_syncookies=1
-
-# Uncomment the next line to enable packet forwarding for IPv4
-#net.ipv4.ip_forward=1
-
-# Uncomment the next line to enable packet forwarding for IPv6
-#net.ipv6.conf.all.forwarding=1
-
-
-###################################################################
-# Additional settings - these settings can improve the network
-# security of the host and prevent against some network attacks
-# including spoofing attacks and man in the middle attacks through
-# redirection. Some network environments, however, require that these
-# settings are disabled so review and enable them as needed.
-#
-# Ignore ICMP broadcasts
-#net.ipv4.icmp_echo_ignore_broadcasts = 1
-#
-# Ignore bogus ICMP errors
-#net.ipv4.icmp_ignore_bogus_error_responses = 1
-#
-# Do not accept ICMP redirects (prevent MITM attacks)
-#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv6.conf.all.accept_redirects = 0
-# _or_
-# Accept ICMP redirects only for gateways listed in our default
-# gateway list (enabled by default)
-# net.ipv4.conf.all.secure_redirects = 1
-#
-# Do not send ICMP redirects (we are not a router)
-#net.ipv4.conf.all.send_redirects = 0
-#
-# Do not accept IP source route packets (we are not a router)
-#net.ipv4.conf.all.accept_source_route = 0
-#net.ipv6.conf.all.accept_source_route = 0
-#
-# Log Martian Packets
-#net.ipv4.conf.all.log_martians = 1
-#
-
-#kernel.shmmax = 141762560
diff --git a/packages/procps/procps-3.2.7/sysctl.conf b/packages/procps/procps-3.2.7/sysctl.conf
index 6b4ad57..34e7488 100644
--- a/packages/procps/procps-3.2.7/sysctl.conf
+++ b/packages/procps/procps-3.2.7/sysctl.conf
@@ -16,8 +16,8 @@
 # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
 # Turn on Source Address Verification in all interfaces to
 # prevent some spoofing attacks
-#net.ipv4.conf.default.rp_filter=1
-#net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
+net.ipv4.conf.all.rp_filter=1
 
 # Uncomment the next line to enable TCP/IP SYN cookies
 #net.ipv4.tcp_syncookies=1



