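# This file was formerly part of /etc/sysctl.conf
#
# Format: one "key = value" assignment per line. A line starting with "#"
# is a comment in its entirety, so every assignment must sit on its own
# line; an assignment that follows a "#" on the same line is never applied.
# After loading, confirm the live values with: sysctl <key>

### IPV4 networking options.

# IPv4 packet forwarding.
#
# This variable is special, its change resets all configuration
# parameters to their default state (RFC 1122 for hosts, RFC 1812 for
# routers).
#
# 0 keeps this machine a host: it does not route packets between its
# interfaces. Because a change here resets other parameters, keep this
# assignment ahead of the net.ipv4.conf.* lines so they are applied after it.
#
net.ipv4.ip_forward = 0

# Source validation by reversed path, as specified in RFC 1812.
#
# Recommended option for single homed hosts and stub network routers.
# Could cause troubles for complicated (not loop free) networks
# running a slow unreliable protocol (sort of RIP), or using static
# routes.
#
# NOTE: conf.default only seeds interfaces created after this value is
# applied. For an interface that already exists the kernel uses the higher
# of net.ipv4.conf.all.rp_filter and the per-interface value, so check
# those as well if source validation is meant to cover every interface.
#
net.ipv4.conf.default.rp_filter = 1

# If set to true, then the kernel will ignore ICMP ECHO requests sent
# to broadcast/multicast addresses, preventing the use of your system
# for "smurf" attacks.
#
net.ipv4.icmp_echo_ignore_broadcasts = 1

# TCP SYN cookies: http://cr.yp.to/syncookies.html
#
# If set to true and the kernel was compiled with CONFIG_SYN_COOKIES,
# it will send out SYN cookies when the SYN backlog queue of a socket
# overflows, defeating SYN flood attacks. Note that SYN cookies make
# it possible (although hopefully impractical) to bypass certain
# packet filter setups which disallow incoming packets based on the
# SYN flag. This is because with SYN cookies the attacker no longer
# strictly needs to send the initial SYN, but rather may guess a valid
# SYN cookie.
#
# NOTE: cookies are a fallback used only while the backlog is overflowing.
# A connection accepted through a cookie keeps only the TCP options the
# cookie can carry; Linux stores window scaling and SACK in the timestamp
# field, so with tcp_timestamps = 0 (below) such connections lose them.
#
net.ipv4.tcp_syncookies = 1

# TCP timestamps, as specified in RFC 1323.
#
# The primary purpose of TCP timestamps is to allow for more accurate
# measurement of round-trip time, which in turn helps improve TCP
# performance over large bandwidth*delay product paths. Other TCP
# extensions also aimed at improving transfer rate include scaled windows
# (also specified in RFC 1323) and selective acknowledgments (RFC 2018).
#
# Unfortunately, the sending of TCP timestamps as currently implemented
# in the Linux kernel leaks information which some may view as sensitive:
# the exact system uptime.
#
# NOTE: 0 also disables PAWS (protection against wrapped sequence numbers,
# same RFC) and the round-trip measurement described above. Newer kernels
# document value 1 as adding a random per-connection offset to the
# timestamp, which addresses the uptime disclosure; check the
# tcp_timestamps entry in the kernel's ip-sysctl documentation for the
# kernel in use before keeping timestamps off. RFC 1323 has since been
# obsoleted by RFC 7323.
#
net.ipv4.tcp_timestamps = 0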