Tujuan dari penulisan ini adalah untuk melindungi server dari serangan DOS maupun Spoofing. Disini dituliskan contoh konfigurasi sysctl.conf yang baik. Sebagai catatan, dalam konfigurasi ini saya menggunakan eth0 sebagai primary networking interface.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456

 

#Ignore Ping
net.ipv4.icmp_echo_ignore_all = 0

#Ignore Broadcast ICMP Request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

 

Apablia ditemukan masalah atau ada referensi yang lebih baik silahkan isi komentar.

 

linuxforums.org

eth0.us

Comments

Add New Search RSS

Anonymous   |222.174.116.xxx |14-06-2010 13:04:28 Do you want to have a Particularly cheap and attractive dress?Don't hesitate and hurry to our website.Look forward to this mini Christian Louboutinshoes,with this stylish Herve Leger,We firmly believe that they can make you the most charming among the crowd.You must often have no choice to wear what shoes to leisure or sports,do't worry and hurry to buy our leisure partners Vibram Five Fingers and sports partners MBT Shoes,then you will never worry about wearing what shoes.Don't forget our discounted Jimmy Choo Shoes and Manolo Blahnik Shoes and our cheap P90X DVD,you must have a special fond of it,quickly swing into action right now my friends! Vivienne Westwood Shoes Vivienne Westwood Sa... Reply | Quote 0   0 ads  - ads   |125.69.136.xxx |19-07-2010 13:21:33 i believe you are a good writer, but have you erver thought to write some special artcals for peopel who likes shopping very much. for exaple, the artical aboutreplica louis vuitton bags orvibram,ghd flat iron orchristian shoes,cheap ugg bootsand replica watches swiss made as well asjordan shoes salechi flat iron,discount nfl team apparel, t shirts. i think more and more people would comr to read your blogs. air jordan 12 air jordan xii air jordan retro 12 air jordan retro xii air jordan 11 air jordan xi air jordan retro 11 air jordan retro xi air jordan 3 air jordan iii air jordan retro 3 air jordan retro iii air jordan 12 air jordan xii air jordan retro 12 air jordan retro xii air jordan 13 air jordan xiii Reply | Quote 0   0 yuyangguoji  - lw   |222.174.116.xxx |20-07-2010 10:29:20 I firmly believe you need the Action Adventure with reasonable price that with the high quality,and we will let your dream come true,a bloody cool boy is born with our mbt boots in the crowd.So don't hesitate,just come to our online shop to catch the opportunity once in the blue moon,to pick up and buy our workout dvd,a wide range from mbt boots,sport shoes and wholesale mbt to p90x fitness.Of course we are sure you will not miss our fantasy cheap video. Men MBT M.Walk shoes,cheap MBT M.Walk shoes,cheap Women MBT M.Walk shoes,cheap Men MBT M.Walk shoes,MBT Lami shoes,cheap MBT Lami shoes,MBT Lami shoes sale,MBT Lami shoes for sale,cheap MBT Lami shoes sale,MBT Sport Shoes,cheap MBT Sport Shoes,MBT Spor... Reply | Quote 0   0 babydoll     |120.36.36.xxx |20-07-2010 13:15:37 Now lots of people buy adult *** product to improve *** life high stocking,we supply all kinds of adult *** product Long Lady Stocking,because we are manufacture and have our factory women stocking,our product are all safe and wholesale wife babydoll,welcome to visit our store pijamas,all kinds of adult *** product for female and male open bust babydoll, you will buy your love *** product from our store Strap on dildos,adult *** product will greatly improve the quality of your *** life stocking online,*** life is very important baby doll nighties,*** life is harmonious babydoll costumes,the life is happies Wholesale Long Stocking,you can introduce your family and friend to visit our store Finger vibrators,best wi... Reply | Quote 0   0 Anonymous   |117.26.227.xxx |02-08-2010 13:18:54 Badminton activities include the intentions of the tactics of each other, for all aircraft to oneself, use what tactics and intelligence, so often in the exercise can make people thinking agility. At the same time, because of the game, the fierce competition tension, enables practitioner of psychological quality good exercise, in the competition, strengthen the enterprising spirit, make the person's intelligence, brave, in competition and struggle. Through this training, can achieve unflappable and survive, the wisdom and cultivate jordan retro air jordan retro nike outlet mbt outlet cheap mbt shoes mbt walking shoes mbt discount Vibram Five Fi... Reply | Quote 0   0 karl  - tag heuer aquaracer watches   |123.158.164.xxx |04-08-2010 09:08:34 reason why we are The Largest World Wide Online replica franck muller watches are also some sporty watches from this watch brand fake tag heuer omega watches if you want to buy designer and get what you pay fake oris watch cartier baignoire watches the classic air of the lady who is wearing it fake breitling watch cartier tortue watches directly on sunlight as it will make the leather swiss rolex watches said that an Armani watch is a thing of beauty a replica watches now re emerging Armand Nicolet manufacture was in replica rolex vintage pieces that is sure to attract bidders cartier 21 chronoscaph history having flown all night long powered only replica watches diamond watch exquisitely and draw even more fake ... Reply | Quote 0   0 wow gold  - `WoW GOLD     |123.145.181.xxx |23-08-2010 15:53:01 A Doe had had the misfortune Aion gold to lose one of her eyes, and could not see aion gold any one approaching her on that side.World of Warcraft power leveling So to avoid any danger cabal alz she always used aion kinah to feed on a high cliff near the sea,maple story power leveling with her sound eye looking towards the land. archlord power leveling By this means she could see whenever eve isk the hunters approached her on land,replica rolexand often escaped by this means.2moons gold But the hunters found out rom gold that she was blind of one eye,world of warcraft gold and hiring a boat 2moons dil rowed under the cliff where she used to feed and aion kinah shot her from the sea.last chaos gold "Ah," cried she with her dyi... Reply | Quote 0   0 Powered by !JoomlaComment 3.26

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."