[oe-commits] John Lee : fastboot: procps: enable spoofing protection for everyone.
GIT User account
git at amethyst.openembedded.net
Tue Dec 23 13:38:29 UTC 2008
Module: openembedded.git
Branch: john_lee/fastboot-devel
Commit: 552010255a784b6f7afd55c482034703249c49d6
URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=552010255a784b6f7afd55c482034703249c49d6
Author: John Lee <john_lee at openmoko.org>
Date: Tue Dec 23 21:25:04 2008 +0800
fastboot: procps: enable spoofing protection for everyone.
---
packages/procps/procps-3.2.7/openmoko/sysctl.conf | 64 ---------------------
packages/procps/procps-3.2.7/sysctl.conf | 4 +-
2 files changed, 2 insertions(+), 66 deletions(-)
diff --git a/packages/procps/procps-3.2.7/openmoko/sysctl.conf b/packages/procps/procps-3.2.7/openmoko/sysctl.conf
deleted file mode 100644
index 34e7488..0000000
--- a/packages/procps/procps-3.2.7/openmoko/sysctl.conf
+++ /dev/null
@@ -1,64 +0,0 @@
-# This configuration file is taken from Debian.
-#
-# /etc/sysctl.conf - Configuration file for setting system variables
-# See sysctl.conf (5) for information.
-#
-
-#kernel.domainname = example.com
-
-# Uncomment the following to stop low-level messages on console
-#kernel.printk = 4 4 1 7
-
-##############################################################3
-# Functions previously found in netbase
-#
-
-# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
-# Turn on Source Address Verification in all interfaces to
-# prevent some spoofing attacks
-net.ipv4.conf.default.rp_filter=1
-net.ipv4.conf.all.rp_filter=1
-
-# Uncomment the next line to enable TCP/IP SYN cookies
-#net.ipv4.tcp_syncookies=1
-
-# Uncomment the next line to enable packet forwarding for IPv4
-#net.ipv4.ip_forward=1
-
-# Uncomment the next line to enable packet forwarding for IPv6
-#net.ipv6.conf.all.forwarding=1
-
-
-###################################################################
-# Additional settings - these settings can improve the network
-# security of the host and prevent against some network attacks
-# including spoofing attacks and man in the middle attacks through
-# redirection. Some network environments, however, require that these
-# settings are disabled so review and enable them as needed.
-#
-# Ignore ICMP broadcasts
-#net.ipv4.icmp_echo_ignore_broadcasts = 1
-#
-# Ignore bogus ICMP errors
-#net.ipv4.icmp_ignore_bogus_error_responses = 1
-#
-# Do not accept ICMP redirects (prevent MITM attacks)
-#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv6.conf.all.accept_redirects = 0
-# _or_
-# Accept ICMP redirects only for gateways listed in our default
-# gateway list (enabled by default)
-# net.ipv4.conf.all.secure_redirects = 1
-#
-# Do not send ICMP redirects (we are not a router)
-#net.ipv4.conf.all.send_redirects = 0
-#
-# Do not accept IP source route packets (we are not a router)
-#net.ipv4.conf.all.accept_source_route = 0
-#net.ipv6.conf.all.accept_source_route = 0
-#
-# Log Martian Packets
-#net.ipv4.conf.all.log_martians = 1
-#
-
-#kernel.shmmax = 141762560
diff --git a/packages/procps/procps-3.2.7/sysctl.conf b/packages/procps/procps-3.2.7/sysctl.conf
index 6b4ad57..34e7488 100644
--- a/packages/procps/procps-3.2.7/sysctl.conf
+++ b/packages/procps/procps-3.2.7/sysctl.conf
@@ -16,8 +16,8 @@
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
-#net.ipv4.conf.default.rp_filter=1
-#net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
+net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1
More information about the Openembedded-commits
mailing list