Tujuan dari penulisan ini adalah untuk melindungi server dari serangan DOS maupun Spoofing. Disini dituliskan contoh konfigurasi sysctl.conf yang baik. Sebagai catatan, dalam konfigurasi ini saya menggunakan eth0 sebagai primary networking interface.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456

 

#Ignore Ping
net.ipv4.icmp_echo_ignore_all = 0

#Ignore Broadcast ICMP Request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

 

Apablia ditemukan masalah atau ada referensi yang lebih baik silahkan isi komentar.

 

linuxforums.org

eth0.us

Comments

Add New Search RSS

Anonymous   |222.174.116.xxx |14-06-2010 13:04:28 Do you want to have a Particularly cheap and attractive dress?Don't hesitate and hurry to our website.Look forward to this mini link:http:// http://www.unshoessales.com/shoes,with this stylish link:http:// http://www.unshoessales.com/herve-leger-c-35.html, We firmly believe that they can make you the most charming among the crowd.You must often have no choice to wear what shoes to leisure or sports,do't worry and hurry to buy our leisure partners link:http:// http://www.shoeseasybuy.com/ and sports partners link:http:// http://www.unbootssale.com/,then you will never worry about wearing what shoes.Don't forget our discounted link:http:// h... Reply 0   0 ads  - ads   |125.69.136.xxx |19-07-2010 13:21:33 i believe you are a good writer, but have you erver thought to write some special artcals for peopel who likes shopping very much. for exaple, the artical about link:http://www.bestlvbags.com/ or link:http://www.vibramfivefinger.us/, link:http://www.buyghdstraightener.com/ or link:http://www.2010christianlouboutinshoes.org/, link:http://www.u99bootssale.comand link:http://www.rolexeswatch.com/ as well as link:http://www.hijordan.us/ link:http://www.buychihairstraightener.com, link:http://www.nfl-footballapparel.com/, t shirts. i think more and more people would comr to read your blogs. link:http://www.hijordan.us/air-jordan-12-c-45.ht ml link:http://www.hijordan.us/air-jordan-12-c-45.ht&... Reply 0   0 yuyangguoji  - lw   |222.174.116.xxx |20-07-2010 10:29:20 I firmly believe you need the link:http://www.undvdsale.com/actionadventure-dvd -c-38.html with reasonable price that with the high quality,and we will let your dream come true,a bloody cool boy is born with our link:http://www.unbootssale.com/ in the crowd.So don't hesitate,just come to our online shop to catch the opportunity once in the blue moon,to pick up and buy our link:http://www.undvdsale.com/p90x-workout-dvd-c- 52.html,a wide range from link:http://www.unbootssale.com/, link:http://www.unbootssale.com/MBT-Sport-Shoes.h tml and link:http://www.unbootssale.com/ to link:http://www.undvdsale.com/p90x-workout-dvd-c- 59.html.Of course we are sure you wil... Reply 0   0 babydoll   |120.36.36.xxx |20-07-2010 13:15:37 Now lots of people buy adult *** product to improve *** life link:http://www.daily***nlove.com/,we supply all kinds of adult *** product link:http://www.daily***nlove.com/,because we are manufacture and have our factory link:http://www.daily***nlove.com/,our product are all safe and wholesale link:http://www.daily***nlove.com/,welcome to visit our store link:http://www.daily***nlove.com/,all kinds of adult *** product for female and male link:http://www.daily***nlove.com/, you will buy your love *** product from our store link:http://www.daily***nlove.com/,adult *** product will greatly improve the quality of your *** life link:http://www.daily***nlove.com/,***... Reply 0   0 Anonymous   |117.26.227.xxx |02-08-2010 13:18:54 Badminton activities include the intentions of the tactics of each other, for all aircraft to oneself, use what tactics and intelligence, so often in the exercise can make people thinking agility. At the same time, because of the game, the fierce competition tension, enables practitioner of psychological quality good exercise, in the competition, strengthen the enterprising spirit, make the person's intelligence, brave, in competition and struggle. Through this training, can achieve unflappable and survive, the wisdom and cultivate link:http://www.air-jordanshop.com/Jordan-Retro-b _186.html link:http://www.air-jordanshop.com/Jordan-Retro... Reply 0   0 karl  - tag heuer aquaracer watches   |123.158.164.xxx |04-08-2010 09:08:34 reason why we are The Largest World Wide Online link:http://www.appwatches.com/franck_muller-watc hes.html are also some sporty watches from this watch brand link:http://www.keepwatches.com/tag_heuer-watches .html omega watches if you want to buy designer and get what you pay link:http://www.appwatches.com/oris-watches.html cartier baignoire watches the classic air of the lady who is wearing it link:http://www.keepwatches.com/breitling-watches .html cartier tortue watches directly on sunlight as it will make the leather link:http://www.watchestype.com/swiss_rolex-watch es.html said that an Armani watch is a thing of beauty a link:http://www.watchescode.com/ ... Reply 0   0 wow gold  - `WoW GOLD   |123.145.181.xxx |23-08-2010 15:53:01 A Doe had had the misfortune link:http://www.gamegoldweb.com/Aion-online/ to lose one of her eyes, and could not see link:http://www.aionkina4u.com any one approaching her on that side. link:http://www.superpowerleveling.com/powerlevel ing.asp So to avoid any danger link:http://www.fastcabalalz.com she always used link:http://www.aionkinashop.net to feed on a  high cliff near the sea, link:http://www.maplestorymesosstore.com/maple-st ory-power-leveling-servi ces.asp with her sound eye looking towards the land. link:http://www.archlord-gold.com/archlord-power- leveling.asp By this means she could see whenever link:http://www.maxgamegold.com/Eve-Online-53.htm l the hunters ... Reply 0   0 cheap coach handbags  - cheap coach handbags   |121.205.213.xxx |11-05-2011 22:27:52 link:http://www.coach-handbags.org link:http://www.supernfljerseys.com link:http://www.cheapjordansneaker.org link:http://www.supernfljerseys.com link:http://www.coach-handbags.org link:http://www.brand-sports.com link:http://www.brand-sports.com link:http://www.brand-sports.com link:http://www.brand-sports.com link:http://www.supernfljerseys.com link:http://www.cheapjordansneaker.org link:http://www.cheapjordansneaker.org link:http://www.brand-sports.com link:http://www.cheapjordansneaker.org link:http://www.cheapjordansneaker.org link:http://www.cheapjordansneaker.org link:http://www.brand-sports.com link:http://www.brand-sports.com link:http://www.brand-sports.com link:http://www.brand-sports.com link:http://www.b... Reply 0   0 SOCCER CLEATS  - SOCCER CLEATS   |112.111.172.xxx |19-08-2011 14:59:34 link:http://shenhq.parenting.gr/ link:http://shenhq.mylivepage.com/blog/index link:http://www.thoughts.com/SHENHQ link:http://www.mywebprofile.com/user/SHENHQ/blog s link:http://shenhq.over-blog.com/ link:http://www.darksiders.net/user/SHENHQ/blogs   link:http://www.blurty.com/users/shenhq/ link:http://shenhq.fotopages.com/ link:http://www.graphicdesigncommunity.com/blogs. php?action=show_member_b log&ownerID=60089 link:http://gvrl.com/blogsearchresults.asp?basics earch=SHENHQ link:http://www.equestrianblogging.com/blogs/shen hq link:http://shenhq.createblog.com/blog/ link:http://www.safetyissues.com/community/blogs/ posts/SHENHQ link:http://my.opera.com/hqshen/blog/ link:htt... Reply 0   0 Andy   |175.42.32.xxx |20-08-2011 15:33:35 link:http://www.fake-watches-replica.com/audemars -piguet-c-1.htmlcan provide the close look and character that the true matter could only at a practically lower price. There are a lot of accompanies that provide top character link:http://www.fake-watches-replica.com/audemars -piguet-audemars-piguet- classique-collection-watch es-c-1_3.htmlwhich could make a content on your heart. This watch that you are able to like is link:http://www.fake-watches-replica.com/audemars -piguet-audemars-piguet- contemporaine-collection-w atches-c-1_4.htmlbrand. You are able to discover well-favoured link:http://www.fake-watches-replica.com/audemars -piguet-audem... Reply 0   0 flower  - replica lv watches   |123.153.66.xxx |24-08-2011 13:15:21 omega speedmaster watches haile link:http://www.watchesfaner.org/omega-watches.ht ml watches omega buildings tluminor marina watches  link:http://www.canwatch.org/rolex-watches.html fake rolex link:http://www.watchescode.org/tag_heuer-watches .html replica tag heuer replica franck muller watches link:http://www.cor-watches.org/ rado classic watches link:http://www.watchesairs.com/breitling-watches .html replica breitling watches for sale link:http://www.watchestype.net/cartier-watches.h tml replica cartier. Reply 0   0 chloe  - breitling bentley motors watches   |123.153.66.xxx |24-08-2011 15:46:11 tradition watches clement link:http://www.watchesun.net/rolex-watches.html replica rolex watches coming link:http://www.watchestype.net/tag_heuer-watches .html replica tag heuer star watches link:http://www.keepwatches.org/ grand complications watches wide link:http://www.watchesfaner.org/breitling-watche s.html breitling replica brown leaves falling link:http://www.canwatch.org/cartier-watches.html replica cartier watches for sale link:http://www.cor-watches.org/omega-watches.htm l fake omega watches. Reply 0   0 submer  - windrider watches   |123.153.65.xxx |25-08-2011 08:01:16 yachtmaster ii watches link:http://www.watchescode.org/cartier-watches.h tml fake cartier watches link:http://www.keepwatches.org/omega-watches.htm l replica omega iwc watches link:http://www.appwatches.org/rolex-watches.html watches rolex profile watches candidate link:http://www.cor-watches.org/tag_heuer-watches .html tag heuer replica cartier tank solo watches link:http://www.keepwatches.org/ autumn wind blowing gently team link:http://www.watchesun.net/breitling-watches.h tml fake breitling watches. Reply 0   0 Coach Outlet Online  - Coach Outlet Online   |121.158.55.xxx |16-11-2011 13:25:44 One link:http://www.coachsfactoryoutlet.org/ of clothing link:http://www.coachfactorysoutletstoreonline.ne t/ be loose link:http://www.coachfactorystore-online.com/ compliment the link:http://www.coachoutletstoreonline.ca/ of the [url=http://www.coachsfactory- online.net/]Coach Factory[/url]. A loose link:http://www.coachfactorysoutletstoreonline.ne t/ or a skirt link:http://www.coachsfactoryoutlet-online.net/ help the link:http://www.coachfactoryoutletonlineh.com/ Bags flow link:http://www.mycoachfactorystoreonline.org/ what you link:http://www.coachoutletstoreonlineh.com/ wearing. Small link:http://www.coachfactorystore-online.com/ with a link:... Reply 0   0 Powered by !JoomlaComment 3.26

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."