Stockier network stack
Let's tighten up TCP/IP with a few resilient settings suitable for Linux servers. We'll use sysctl, the tool for viewing and changing Linux kernel parameters at runtime. Open the sysctl configuration file:
sudo nano /etc/sysctl.conf
And add this lot:
#accept_source_route - Disable IP source routing.
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0

#redirects - Secure the routing table.
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
# Linux exposes send_redirects for IPv4 only; the IPv6 key below does not exist and fails to load.
#net.ipv6.conf.all.send_redirects=0

#rp_filter - Prevent IP spoofing.
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.lo.rp_filter=1
# eth0 must match an interface present on the server, otherwise this key fails to load.
net.ipv4.conf.eth0.rp_filter=1
net.ipv4.conf.default.rp_filter=1

#log_martians - Log potential attacks.
net.ipv4.conf.all.log_martians=1

#ignore_broadcasts - Avoid DoS (Smurf) attack participation.
net.ipv4.icmp_echo_ignore_broadcasts=1

#tcp_syncookies - Prevent...
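Once the file has been loaded, it is worth checking that the running kernel really holds each value, because a key naming a missing interface is skipped and a later tool can silently change a setting. The following is an added example, not part of the original page: `audit_sysctl` and `demo_audit` are hypothetical helper names, the check assumes single-valued `key=value` lines like the ones above, and the demo runs against a constructed fake `/proc/sys` tree.

```shell
#!/bin/sh
# audit_sysctl CONF [PROC_ROOT]
# Compare every key=value line of a sysctl.conf-style file with the value the
# kernel exposes under PROC_ROOT (default /proc/sys). Prints OK, DRIFT or
# MISSING per key and returns 0 only when every key is present and matches.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            '#'*|';'*|'') continue ;;   # comment or blank line
            *=*) ;;                     # a setting: fall through
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$root/$(printf '%s' "$key" | tr . /)   # net.ipv4.x -> net/ipv4/x
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1               # e.g. interface not present
        else
            have=$(cat "$path")
            if [ "$have" = "$want" ]; then
                echo "OK      $key=$have"
            else
                echo "DRIFT   $key wants $want, kernel has $have"; rc=1
            fi
        fi
    done < "$conf"
    return $rc
}

# Constructed sample: a fake proc tree plus a three-line config, so the check
# can be tried offline. rp_filter has drifted and eth0 does not exist.
demo_audit() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4/conf/all"
    echo 0 > "$d/proc/net/ipv4/conf/all/accept_source_route"
    echo 0 > "$d/proc/net/ipv4/conf/all/rp_filter"
    printf '%s\n' '#rp_filter - Prevent IP spoofing.' \
        'net.ipv4.conf.all.accept_source_route=0' \
        'net.ipv4.conf.all.rp_filter=1' \
        'net.ipv4.conf.eth0.rp_filter=1' > "$d/sysctl.conf"
    st=0
    audit_sysctl "$d/sysctl.conf" "$d/proc" || st=$?
    rm -rf "$d"
    return $st
}
```

On a real server, call `audit_sysctl /etc/sysctl.conf` with no second argument to check against the live `/proc/sys`.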