Configure /proc (cont)


ICMP options (if in doubt, reject)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_redirects
Enable SYN Cookies
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
Enable support for dynamic IP (packet source address rewritten on retransmission, mostly for diald)
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
Resist DoS attacks by reducing timeouts, so that connections are closed faster and stale connections are killed sooner
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
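
To confirm the values above are still in effect after a reboot or a network restart, the following added example (not part of the original slides) compares each file with the value set on this slide. The function name audit_proc and its optional base-directory argument are assumptions made for the example; eth0 is the interface the slide uses.

```shell
#!/bin/sh
# Added example: audit the /proc settings from this slide.
# Usage after sourcing this file:  audit_proc          (live system)
#                                  audit_proc /some/dir (copy of the tree)

# Expected values exactly as set on the slide:
# path relative to /proc/sys/net/ipv4, then the value.
EXPECTED='icmp_echo_ignore_broadcasts 1
icmp_echo_ignore_all 0
conf/eth0/accept_redirects 0
tcp_syncookies 1
ip_dynaddr 1
tcp_fin_timeout 30
tcp_keepalive_time 1800
tcp_window_scaling 0
tcp_sack 0'

# audit_proc [BASE]: prints one line per setting and returns the number
# of settings that are missing or differ from the slide's value.
audit_proc() {
    base=${1:-/proc/sys/net/ipv4}
    bad=0
    while read -r key want; do
        file="$base/$key"
        if [ ! -r "$file" ]; then
            # e.g. the interface is not called eth0 on this host
            echo "MISSING  $key (expected $want)"
            bad=$((bad + 1))
            continue
        fi
        # Take the first field only, ignoring trailing whitespace.
        have=$(awk 'NR==1 {print $1}' "$file")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "DIFF     $key = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}
```

A non-zero return status means at least one setting has drifted, so the function can be called from a boot script or cron job that alerts on failure.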
Advanced Firewalls and Routing using Linux