Fabian Bläse
39df9ba501
The net.ipv4.netfilter.ip* sysctls have been moved to net.netfilter.nf* a long time ago, so they have been useless in our firmware for quite a while. It probably originally has been added because it was included in the OpenWrt defaults and in earlier versions of our firmware the OpenWrt defaults file got overwritten by our own one. Because there does not seem to be any obvious reason to keep them (they have been added without a comment in the commit or file) and they have been inactive ever since they were moved in the kernel, they are removed completely instead of using the correct path. Fixes: #42 (gitea) Signed-off-by: Fabian Bläse <fabian@blaese.de> Reviewed-by: Christian Dresel <freifunk@dresel.systems>
# arp_ignore=1: reply to an ARP request only if the target IP is configured
# on the interface the request arrived on. conf.default seeds interfaces
# that are created later.
net.ipv4.conf.default.arp_ignore=1
# arp_ignore=1 for conf.all (reply only for addresses on the receiving
# interface). The kernel uses the larger of conf.all and the per-interface
# value.
net.ipv4.conf.all.arp_ignore=1
# IPv4 forwarding off when this file is loaded. This is the same global
# switch that net.ipv4.ip_forward writes.
net.ipv4.conf.all.forwarding=0
# Do not send ICMP redirects.
# NOTE(review): for send_redirects the kernel ORs conf.all with the
# per-interface value, so redirects stay enabled on any interface whose own
# send_redirects is still 1. conf.default.send_redirects is not set in this
# file; verify the per-interface values on a running node.
net.ipv4.conf.all.send_redirects=0
# Disable Explicit Congestion Notification: ECN is neither requested nor
# accepted on TCP connections.
net.ipv4.tcp_ecn=0
# Seconds an orphaned connection may remain in FIN-WAIT-2 before it is
# aborted locally (kernel default: 60).
net.ipv4.tcp_fin_timeout=30
# Seconds a connection must be idle before TCP starts sending keepalive
# probes; applies only to sockets that enable keepalive (kernel default: 7200).
net.ipv4.tcp_keepalive_time=120
# Send SYN cookies when a listening socket's SYN backlog overflows, so a SYN
# flood cannot block new connections by filling the queue.
net.ipv4.tcp_syncookies=1
# Maximum number of received packets queued on the input side when they
# arrive faster than the kernel can process them (kernel default: 1000).
net.core.netdev_max_backlog=30
# Conntrack does not verify the checksums of incoming packets.
# NOTE(review): with verification off, packets with a bad checksum are not
# placed in the INVALID state, so firewall rules that drop INVALID traffic
# will not catch them.
net.netfilter.nf_conntrack_checksum=0
# Controls source address validation (reverse-path filtering)
# 1 = strict mode: an incoming packet is discarded unless the best route back
# to its source address uses the interface it arrived on.
# Only conf.default is set here, which seeds interfaces created later; the
# kernel uses the larger of conf.all and the per-interface value.
net.ipv4.conf.default.rp_filter=1
#Do not accept source routing
# Reject IPv4 packets that carry a source-route option. The kernel accepts
# such packets on an interface only if conf.all and the interface value are
# both set, so 0 here is sufficient on its own.
net.ipv4.conf.all.accept_source_route=0
# Ignore incoming ICMP redirects, so a host on the link cannot rewrite this
# system's routes (conf.all part; the per-interface value also counts).
net.ipv4.conf.all.accept_redirects=0
# Reject source-routed IPv4 packets on interfaces created later.
net.ipv4.conf.default.accept_source_route=0
# Ignore incoming ICMP redirects on interfaces created later.
net.ipv4.conf.default.accept_redirects=0
# Ignore ICMP echo and timestamp requests addressed to broadcast or multicast
# addresses, so the node cannot be used as a smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts=1
# Suppress the kernel warnings normally logged for bogus ICMP error responses
# to broadcast frames; this only reduces log noise.
net.ipv4.icmp_ignore_bogus_error_responses=1
# Global IPv4 forwarding switch, off when this file is loaded (same switch
# as net.ipv4.conf.all.forwarding).
net.ipv4.ip_forward=0
# disable bridge firewalling by default
# Bridged ARP frames are not passed to arptables.
net.bridge.bridge-nf-call-arptables=0
# Bridged IPv6 frames are not passed to ip6tables.
net.bridge.bridge-nf-call-ip6tables=0
# Bridged IPv4 frames are not passed to iptables.
# NOTE(review): with the bridge-nf-call-* keys at 0, iptables/ip6tables/
# arptables rules never see traffic switched between bridge ports; any
# filtering of that traffic has to happen at the bridge layer (e.g. ebtables).
net.bridge.bridge-nf-call-iptables=0
# 0 = Duplicate Address Detection disabled (interfaces created later).
# NOTE(review): an address that is already in use on the link is then
# configured without the conflict being detected.
net.ipv6.conf.default.accept_dad=0
# Do not accept IPv6 router advertisements (interfaces created later), so a
# rogue RA on the link cannot install routes or addresses.
net.ipv6.conf.default.accept_ra=0
# Ignore ICMPv6 redirects (interfaces created later).
net.ipv6.conf.default.accept_redirects=0
# 0 = Duplicate Address Detection disabled, conf.all value.
net.ipv6.conf.all.accept_dad=0
# Do not accept IPv6 router advertisements, conf.all value.
# NOTE(review): how an IPv6 conf.all value reaches interfaces that already
# exist differs per key and kernel version; verify the per-interface
# accept_ra values on a running node.
net.ipv6.conf.all.accept_ra=0
# Ignore ICMPv6 redirects, conf.all value.
net.ipv6.conf.all.accept_redirects=0
# Accept Router Preference in RA?
# 0 = ignore the Router Preference field of router advertisements
# (interfaces created later).
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# 0 = ignore the Router Preference field of router advertisements,
# conf.all value.
net.ipv6.conf.all.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement
# 0 = do not learn prefix information from router advertisements
# (interfaces created later).
net.ipv6.conf.default.accept_ra_pinfo = 0
# 0 = do not learn prefix information from router advertisements,
# conf.all value.
net.ipv6.conf.all.accept_ra_pinfo = 0
# Whether to learn the default router from a router advertisement
# 0 = do not learn a default router from router advertisements (interfaces
# created later). This key does not control the RA hop limit.
net.ipv6.conf.default.accept_ra_defrtr = 0
# 0 = do not learn a default router from router advertisements, conf.all
# value. This key does not control the RA hop limit.
net.ipv6.conf.all.accept_ra_defrtr = 0
#router advertisements can cause the system to assign a global unicast address to an interface
# 0 = do not autoconfigure addresses from the prefix information in router
# advertisements (interfaces created later).
net.ipv6.conf.default.autoconf = 0
# 0 = do not autoconfigure addresses from the prefix information in router
# advertisements, conf.all value.
net.ipv6.conf.all.autoconf = 0
#how many neighbor solicitations to send out per address?
# Number of Duplicate Address Detection probes sent per address (interfaces
# created later).
# NOTE(review): accept_dad is set to 0 in this file, which disables DAD, so
# this value presumably has no effect; confirm.
net.ipv6.conf.default.dad_transmits = 3
# Number of Duplicate Address Detection probes sent per address, conf.all
# value.
# NOTE(review): accept_dad is set to 0 in this file, which disables DAD, so
# this value presumably has no effect; confirm.
net.ipv6.conf.all.dad_transmits = 3
# Enable forwarding, otherwise not all local routes are examined
# Turn on IPv6 forwarding globally. Writing conf.all.forwarding also sets the
# forwarding value of every existing interface and of conf.default.
# NOTE(review): from this point the node routes IPv6 between interfaces;
# what may be forwarded depends on the ip6tables/nftables forward policy,
# which is not part of this file.
net.ipv6.conf.all.forwarding=1
# Interfaces created later start with forwarding off. This line must stay
# after net.ipv6.conf.all.forwarding, because writing conf.all also
# overwrites conf.default.
net.ipv6.conf.default.forwarding=0