Configure /proc (cont)


Enable TCP Explicit Congestion Notification (maybe) 
echo "1" > /proc/sys/net/ipv4/tcp_ecn
Disable source routing (packets with routing information, RFC1122).  
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo "0" > $i;
done
Reject and log packets with invalid source address . This may interfere with certain NAT options.
Cable broadband sends alot of these packets, too much to log.
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo "1" > $i;
done
if [ -e /proc/sys/net/ipv4/conf/all/log_martians ]; then
    echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
fi
These options can be also controlled from /etc/sysctl.conf :
back
 Advanced Firewalls and Routing using Linux
 next