Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Blogs > arniekat
User Name


Rate this Entry


Posted 06-22-2014 at 06:54 PM by arniekat

This file is set up for a Slackware 14.1 Desktop Machine. The only sysctl variables enabled are the ones that need to be changed from the standard Slackware settings. It is in the bottom section.

You can copy the bottom portion as /etc/sysctl.conf and change the permissions:

chown root:root /etc/sysctl.conf
chmod 0440 /etc/sysctl.conf

NOTE - If you use the firewall script from Slax-7.0.8 as /etc/rc.d/rc.firewall be sure that it does not have sysctl variables set if you are going to use a separate file for /etc/sysctl.conf! Also, Arno-Iptables-Firewall does not require an /etc/sysctl.conf file since the application sets the kernel parameters.

You can check your own settings by the following commands:

cat /proc/sys/net/ipv4/tcp_max_syn_backlog

sysctl net/ipv4/tcp_max_syn_backlog
net.ipv4.tcp_max_syn_backlog = 128

sysctl net.ipv4.tcp_max_syn_backlog
net.ipv4.tcp_max_syn_backlog = 128

The following is included for reference and information. Since they are already set to recommended best practices, I am just showing them for completeness. You can read more regarding these kernel settings at:


Enable logging of packets with malformed IP addresses. Note that this setting uses a lot of log space in /var/log
Slackware 14.1 Default net.ipv4.conf.all.log_martians = 0

Disable source routed packets
Slackware 14.1 Default net.ipv4.conf.all.accept_source_route = 0

Turn on protection from Denial of Service (DOS) attacks
Slackware 14.1 Default net.ipv4.tcp_syncookies = 1

Disable responding to ping broadcasts
Slackware 14.1 Default net.ipv4.icmp_echo_ignore_broadcasts = 1

Enable IP routing. Required if your firewall is protecting a network, NAT included
Slackware 14.1 Default net.ipv4.ip_forward = 0

# vi /etc/sysctl.conf

# Disable routing triangulation. Respond to queries out
# the same interface, not another. Helps to maintain state
# Also protects against IP spoofing
net.ipv4.conf.all.rp_filter = 1

# Disable redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disable acceptance of ICMP redirects
net.ipv4.conf.all.accept_redirects = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Disable source routing
net.ipv4.conf.default.accept_source_route = 0

# Disable TCP Timestamps
net.ipv4.tcp_timestamps = 0

# Blocks the reporting of known kernel address leaks
kernel.kptr_restrict = 1

# Turns off Kernel Module loading! Be sure whether you really need this!
# You will NOT be able to load Kernel Modules after it is set!
kernel.modules_disabled = 1

Save the file, exit, and make sure the permissions are correct.
Posted in Uncategorized
Views 1801 Comments 0
« Prev     Main     Next »
Total Comments 0




All times are GMT -5. The time now is 07:26 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration