Tujuan dari penulisan ini adalah untuk melindungi server dari serangan DOS maupun Spoofing. Disini dituliskan contoh konfigurasi sysctl.conf yang baik. Sebagai catatan, dalam konfigurasi ini saya menggunakan eth0 sebagai primary networking interface.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456

 

#Ignore Ping
net.ipv4.icmp_echo_ignore_all = 0

#Ignore Broadcast ICMP Request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

 

Apablia ditemukan masalah atau ada referensi yang lebih baik silahkan isi komentar.

 

linuxforums.org

eth0.us

Comments

Add New Search RSS

Anonymous   |222.174.116.xxx |14-06-2010 13:04:28 Do you want to have a Particularly cheap and attractive dress?Don't hesitate and hurry to our website.Look forward to this mini Christian Louboutinshoes,with this stylish Herve Leger,We firmly believe that they can make you the most charming among the crowd.You must often have no choice to wear what shoes to leisure or sports,do't worry and hurry to buy our leisure partners Vibram Five Fingers and sports partners MBT Shoes,then you will never worry about wearing what shoes.Don't forget our discounted Jimmy Choo Shoes and Manolo Blahnik Shoes and our cheap P90X DVD,you must have a special fond of it,quickly swing into action right now my friends! Vivienne Westwood Shoes Vivienne Westwood Sa... Reply | Quote 0   0 ads  - ads   |125.69.136.xxx |19-07-2010 13:21:33 i believe you are a good writer, but have you erver thought to write some special artcals for peopel who likes shopping very much. for exaple, the artical aboutreplica louis vuitton bags orvibram,ghd flat iron orchristian shoes,cheap ugg bootsand replica watches swiss made as well asjordan shoes salechi flat iron,discount nfl team apparel, t shirts. i think more and more people would comr to read your blogs. air jordan 12 air jordan xii air jordan retro 12 air jordan retro xii air jordan 11 air jordan xi air jordan retro 11 air jordan retro xi air jordan 3 air jordan iii air jordan retro 3 air jordan retro iii air jordan 12 air jordan xii air jordan retro 12 air jordan retro xii air jordan 13 air jordan xiii Reply | Quote 0   0 yuyangguoji  - lw   |222.174.116.xxx |20-07-2010 10:29:20 I firmly believe you need the Action Adventure with reasonable price that with the high quality,and we will let your dream come true,a bloody cool boy is born with our mbt boots in the crowd.So don't hesitate,just come to our online shop to catch the opportunity once in the blue moon,to pick up and buy our workout dvd,a wide range from mbt boots,sport shoes and wholesale mbt to p90x fitness.Of course we are sure you will not miss our fantasy cheap video. Men MBT M.Walk shoes,cheap MBT M.Walk shoes,cheap Women MBT M.Walk shoes,cheap Men MBT M.Walk shoes,MBT Lami shoes,cheap MBT Lami shoes,MBT Lami shoes sale,MBT Lami shoes for sale,cheap MBT Lami shoes sale,MBT Sport Shoes,cheap MBT Sport Shoes,MBT Spor... Reply | Quote 0   0 babydoll     |120.36.36.xxx |20-07-2010 13:15:37 Now lots of people buy adult *** product to improve *** life high stocking,we supply all kinds of adult *** product Long Lady Stocking,because we are manufacture and have our factory women stocking,our product are all safe and wholesale wife babydoll,welcome to visit our store pijamas,all kinds of adult *** product for female and male open bust babydoll, you will buy your love *** product from our store Strap on dildos,adult *** product will greatly improve the quality of your *** life stocking online,*** life is very important baby doll nighties,*** life is harmonious babydoll costumes,the life is happies Wholesale Long Stocking,you can introduce your family and friend to visit our store Finger vibrators,best wi... Reply | Quote 0   0 Anonymous   |117.26.227.xxx |02-08-2010 13:18:54 Badminton activities include the intentions of the tactics of each other, for all aircraft to oneself, use what tactics and intelligence, so often in the exercise can make people thinking agility. At the same time, because of the game, the fierce competition tension, enables practitioner of psychological quality good exercise, in the competition, strengthen the enterprising spirit, make the person's intelligence, brave, in competition and struggle. Through this training, can achieve unflappable and survive, the wisdom and cultivate jordan retro air jordan retro nike outlet mbt outlet cheap mbt shoes mbt walking shoes mbt discount Vibram Five Fi... Reply | Quote 0   0 karl  - tag heuer aquaracer watches   |123.158.164.xxx |04-08-2010 09:08:34 reason why we are The Largest World Wide Online replica franck muller watches are also some sporty watches from this watch brand fake tag heuer omega watches if you want to buy designer and get what you pay fake oris watch cartier baignoire watches the classic air of the lady who is wearing it fake breitling watch cartier tortue watches directly on sunlight as it will make the leather swiss rolex watches said that an Armani watch is a thing of beauty a replica watches now re emerging Armand Nicolet manufacture was in replica rolex vintage pieces that is sure to attract bidders cartier 21 chronoscaph history having flown all night long powered only replica watches diamond watch exquisitely and draw even more fake ... Reply | Quote 0   0 wow gold  - `WoW GOLD     |123.145.181.xxx |23-08-2010 15:53:01 A Doe had had the misfortune Aion gold to lose one of her eyes, and could not see aion gold any one approaching her on that side.World of Warcraft power leveling So to avoid any danger cabal alz she always used aion kinah to feed on a high cliff near the sea,maple story power leveling with her sound eye looking towards the land. archlord power leveling By this means she could see whenever eve isk the hunters approached her on land,replica rolexand often escaped by this means.2moons gold But the hunters found out rom gold that she was blind of one eye,world of warcraft gold and hiring a boat 2moons dil rowed under the cliff where she used to feed and aion kinah shot her from the sea.last chaos gold "Ah," cried she with her dyi... Reply | Quote 0   0 cheap coach handbags  - cheap coach handbags     |121.205.213.xxx |11-05-2011 22:27:52 coach handbags Wholesale NBA Jerseys cheap jordan sneaker Cheap NFL Jerseys women's coach handbags cheap air jordan sneakers air jordan sneakers 2011 wholesale nba jerseys air max sneakers Wholesale NHL Jerseys jordan sneaker 2011 wholesale air max sneaker coach handbags air max 24-7 sneaker nike air force basketball sneaker Vibram five fingers shoes wholesale nfl jerseys coach handbags wholesale nhl jerseys wholesale nhl jerseys nike air jordan shoeswholesale mlb jerseys wholesale coach handbags outlet Vibram five fingers shoes designer coach handbags outlet Wholesale MLB Jerseys cheap coach wallets wholesale nfl jerseys wholesale mlb jerseys polo T-Shirts ed-hardy T-shirts Reply | Quote 0   0 SOCCER CLEATS  - SOCCER CLEATS     |112.111.172.xxx |19-08-2011 14:59:34 http://shenhq.parenting.gr/ http://shenhq.mylivepage.com/blog/index/ http://www.thoughts.com/SHENHQ http://www.mywebprofile.com/user/SHENHQ/blogs http://shenhq.over-blog.com/ http://www.darksiders.net/user/SHENHQ/blogs http://www.blurty.com/users/shenhq/ http://shenhq.fotopages.com/ http://www.graphicdesigncommunity.com/blogs.php... http://gvrl.com/blogsearchresults.asp?basicsear... http://www.equestrianblogging.com/blogs/shenhq http://shenhq.createblog.com/blog/ http://www.safetyissues.com/community/blogs/pos... http://my.opera.com/hqshen/blog/ http://shenhq.inube.com/blog/ http://shenhq.blog.163.com/ http://hi.baidu.com/shen2011hq/blog http://blog.sina.com.cn/u/2201013844 http://17312757.blog.hexun.com/ http://blog.s... Reply | Quote 0   0 Andy   |175.42.32.xxx |20-08-2011 15:33:35 Audemars Piguetcan provide the close look and character that the true matter could only at a practically lower price. There are a lot of accompanies that provide top character Audemars Piguet Classique Collection watcheswhich could make a content on your heart. This  watch that you are able to like isAudemars Piguet Contemporaine Collection watchesbrand. You are able to discover well-favoured Audemars Piguet Sport Collection watchesthat will agree your daily closet for a identical low-cost . Alongside from the popular looking that can take out of having Bume & Mercier watches, they are very tolerant for daily use too. Just same as the creativewatch Baume & Mercier CapeLand watches some replica.... Reply | Quote 0   0 flower  - replica lv watches     |123.153.66.xxx |24-08-2011 13:15:21 omega speedmaster watches haile fake omega watches watches omega buildings tluminor marina watches fake rolex watches for sale fake rolex tag heuer watches replica tag heuer replica franck muller watches fake watches rado classic watches replica breitling watches for sale replica breitling watches for sale fake cartier watches replica cartier. Reply | Quote 0   0 chloe  - breitling bentley motors watches     |123.153.66.xxx |24-08-2011 15:46:11 tradition watches clement replica rolex watches for sale replica rolex watches coming tag heuer replica replica tag heuer star watches replica watch grand complications watches wide replica breitling breitling replica brown leaves falling replica cartier watches for sale replica cartier watches for sale watches omega fake omega watches. Reply | Quote 0   0 submer  - windrider watches     |123.153.65.xxx |25-08-2011 08:01:16 yachtmaster ii watches watches cartier fake cartier watches replica omega watches for sale replica omega iwc watches fake rolex watches watches rolex profile watches candidate replica tag heuer watches for sale tag heuer replica cartier tank solo watches replica watch autumn wind blowing gently team breitling replica fake breitling watches. Reply | Quote 0   0 Coach Outlet Online  - Coach Outlet Online     |121.158.55.xxx |16-11-2011 13:25:44 One Coach Factory Outlet of clothing Coach Online Outlet be loose Coach Outlet Store Online compliment the Coach Outlet Store Online of the [url=http://www.coachsfactory- online.net/]Coach Factory[/url]. A loose Coach Factory Outlet or a skirt Coach Factory Online help the Coach Outlet Online Bags flow Coach Factory Outlet what you Coach Store Online wearing. Small Coach Factory Store Online with a Coach Outlet Online strap are Coach Outlet Store to be matched Coach Factory Store a sun dress Coach Online Outlet Store jeans with Coach Outlet snug top. Coach Outlet Online type of Coach Outlet Online is the Coach Factory to wear Coach Outlet Store Online is usually Coach Factory Outlet ... Reply | Quote 0   0 Coach Outlet Online  - Coach Outlet Online     |65.113.35.xxx |05-12-2011 09:44:05 A classic Coach Outlet post-win celebration Coach Outlet Online Louis Vuitton Outlet turned into Louis Vuitton Outlet Coach Factory Outlet Coach Factory Outlet Online a stampede Saturday Coach Outlet Coupon Coach Purse Outlet Coach Factory Outlet Coach Outlet Store Online as thousands of fans Coach Outlet Coupons Coach Factory Store Online Louis Vuitton Outlet Coach Online Outlet Store stormed the Oklahoma Coach Factory Store Online Coach Outlets Coach Outlet Purses Coach Outlet Stores State football Burberry Scarf Coach Outlet Store Coach Outlet Online Coach Online Factory Store field to celebrate the Cowboys Reply | Quote 0   0 Powered by !JoomlaComment 3.26

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."