commit dbfd178655b0a2b2d3fc95389329f4e0c7be2391
parent c5364ad1384857144c7c1e7309ed788059f359c0
Author: Dash Eclipse <dashezup@disroot.org>
Date: Fri, 29 Apr 2022 16:16:14 +0000
feat: add etc/sysctl.conf
Diffstat:
A | etc/sysctl.conf | | | 65 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 65 insertions(+), 0 deletions(-)
diff --git a/etc/sysctl.conf b/etc/sysctl.conf
@@ -0,0 +1,65 @@
+# /etc/sysctl.conf
+#
+# For more information on how this file works, please see
+# the manpages sysctl(8) and sysctl.conf(5).
+#
+# In order for this file to work properly, you must first
+# enable 'Sysctl support' in the kernel.
+#
+# Look in /proc/sys/ for all the things you can setup.
+#
+
+# Disables packet forwarding
+net.ipv4.ip_forward = 0
+# Disables IP dynaddr
+#net.ipv4.ip_dynaddr = 0
+# Disable ECN
+#net.ipv4.tcp_ecn = 0
+# Enables source route verification
+#net.ipv4.conf.default.rp_filter = 1
+# Enable reverse path
+#net.ipv4.conf.all.rp_filter = 1
+
+# Enable SYN cookies (yum!)
+# http://cr.yp.to/syncookies.html
+#net.ipv4.tcp_syncookies = 1
+
+# Enable people in the specified (min, max) group range to send ICMP_ECHO
+# messages (i.e. ping) and receive ICMP_ECHOREPLY responses. This allows
+# you to run non-suid and non-caps `ping`, but it also means anyone with
+# a gid in this range can send those packets (not just via `ping`).
+#net.ipv4.ping_group_range = 100 100
+
+# Disable source route
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv4.conf.default.accept_source_route = 0
+
+# Disable redirects
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv4.conf.default.accept_redirects = 0
+
+# Disable secure redirects
+#net.ipv4.conf.all.secure_redirects = 0
+#net.ipv4.conf.default.secure_redirects = 0
+
+# Ignore ICMP broadcasts
+#net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+# Disables the magic-sysrq key
+#kernel.sysrq = 0
+# When the kernel panics, automatically reboot in 3 seconds
+#kernel.panic = 3
+# Allow for more PIDs (cool factor!); may break some programs
+#kernel.pid_max = 999999
+
+# You should compile nfsd into the kernel or add it
+# to modules.autoload for this to work properly
+# TCP Port for lock manager
+#fs.nfs.nlm_tcpport = 0
+# UDP Port for lock manager
+#fs.nfs.nlm_udpport = 0
+
+# Disable IPv6
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1