/[baselayout]/trunk/etc.Linux/sysctl.conf
Gentoo

Contents of /trunk/etc.Linux/sysctl.conf

Parent Directory Parent Directory | Revision Log Revision Log


Revision 3205 - (hide annotations) (download)
Fri Jan 25 05:58:58 2013 UTC (2 years, 4 months ago) by vapier
File MIME type: text/plain
File size: 1785 byte(s)
sysctl.conf: document new net.ipv4.ping_group_range option
1 uberlord 2547 # /etc/sysctl.conf
2     #
3     # For more information on how this file works, please see
4     # the manpages sysctl(8) and sysctl.conf(5).
5     #
6     # In order for this file to work properly, you must first
7     # enable 'Sysctl support' in the kernel.
8     #
9     # Look in /proc/sys/ for all the things you can setup.
10     #
11    
12     # Disables packet forwarding
13 vapier 2679 net.ipv4.ip_forward = 0
14 uberlord 2547 # Disables IP dynaddr
15     #net.ipv4.ip_dynaddr = 0
16     # Disable ECN
17     #net.ipv4.tcp_ecn = 0
18     # Enables source route verification
19     net.ipv4.conf.default.rp_filter = 1
20     # Enable reverse path
21     net.ipv4.conf.all.rp_filter = 1
22    
23     # Enable SYN cookies (yum!)
24     # http://cr.yp.to/syncookies.html
25 uberlord 2705 #net.ipv4.tcp_syncookies = 1
26 uberlord 2547
27 vapier 3205 # Enable people in the specified (min, max) group range to send ICMP_ECHO
28     # messages (i.e. ping) and receive ICMP_ECHOREPLY responses. This allows
29     # you to run non-suid and non-caps `ping`, but it also means anyone with
30     # a gid in this range can send those packets (not just via `ping`).
31     #net.ipv4.ping_group_range = 100 100
32    
33 uberlord 2547 # Disable source route
34     #net.ipv4.conf.all.accept_source_route = 0
35     #net.ipv4.conf.default.accept_source_route = 0
36    
37     # Disable redirects
38     #net.ipv4.conf.all.accept_redirects = 0
39     #net.ipv4.conf.default.accept_redirects = 0
40    
41     # Disable secure redirects
42     #net.ipv4.conf.all.secure_redirects = 0
43     #net.ipv4.conf.default.secure_redirects = 0
44    
45     # Ignore ICMP broadcasts
46     #net.ipv4.icmp_echo_ignore_broadcasts = 1
47    
48     # Disables the magic-sysrq key
49     #kernel.sysrq = 0
50     # When the kernel panics, automatically reboot in 3 seconds
51     #kernel.panic = 3
52     # Allow for more PIDs (cool factor!); may break some programs
53     #kernel.pid_max = 999999
54    
55     # You should compile nfsd into the kernel or add it
56     # to modules.autoload for this to work properly
57     # TCP Port for lock manager
58     #fs.nfs.nlm_tcpport = 0
59     # UDP Port for lock manager
60     #fs.nfs.nlm_udpport = 0

  ViewVC Help
Powered by ViewVC 1.1.20