Playing with /proc
Roy Valiant
roy.valiant@rri-medtech.com
Wed, 15 Aug 2001 14:18:31 -0500
Hello everyone,
I have an old firewall script that was placed on a RedHat 6.2
box using ipchains by someone that used to work here. It seems to
work great and I pretty much get everything that he is trying to do in
the rules. He does have a section, however, that sets a LOT of values
in various /proc files. I am building a replacement box for this with
newer hardware and all that. I'm going with RedHat 7.1, iptables, and
the 2.4.3-12 kernel.
The big question is this: do I need all these /proc assignments?
I am listing the section below for your perusal.
Thanks in advance.
Roy Alan
--- begin listing ---
echo "Enabling ICMP Ignore Broadcasts"
echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "Enabling ICMP Ignore Bogus Error Response"
echo "1" >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "Setting ICMP Echo Reply Rate to 100"
echo "100" >/proc/sys/net/ipv4/icmp_echoreply_rate
echo "Enabling IP Defragmentation"
echo "1" >/proc/sys/net/ipv4/ip_always_defrag
echo "Enabling Dynamic TCP/IP Address Hacking"
echo "1" >/proc/sys/net/ipv4/ip_dynaddr
echo "Disabling TIME-WAIT Assassination Hazards"
echo "1" >/proc/sys/net/ipv4/tcp_rfc1337
echo "Enabling TCP SYN Cookie Protection"
echo "1" >/proc/sys/net/ipv4/tcp_syncookies
echo "all: Enabling Logging of Spoofed, Source-Routed, & Redirect Packets"
echo "1" >/proc/sys/net/ipv4/conf/all/log_martians
echo "default: Disabling Redirects"
echo "0" >/proc/sys/net/ipv4/conf/default/accept_redirects
echo "default: Disabling Source Routing"
echo "0" >/proc/sys/net/ipv4/conf/default/accept_source_route
echo "default: Enabling Logging of Spoofed, Source-Routed, & Redirect Packets"
echo "1" >/proc/sys/net/ipv4/conf/default/log_martians
echo "default: Disabling IP Spoofing"
echo "1" >/proc/sys/net/ipv4/conf/default/rp_filter
echo "eth0: Disabling Redirects"
echo "0" >/proc/sys/net/ipv4/conf/eth0/accept_redirects
echo "eth0: Disabling Source Routing"
echo "0" >/proc/sys/net/ipv4/conf/eth0/accept_source_route
echo "eth0: Enabling Logging of Spoofed, Source-Routed, & Redirect Packets"
echo "1" >/proc/sys/net/ipv4/conf/eth0/log_martians
echo "eth0: Disabling IP Spoofing"
echo "1" >/proc/sys/net/ipv4/conf/eth0/rp_filter
echo "eth3: Disabling Redirects"
echo "0" >/proc/sys/net/ipv4/conf/eth3/accept_redirects
echo "eth3: Disabling Source Routing"
echo "0" >/proc/sys/net/ipv4/conf/eth3/accept_source_route
echo "eth3: Enabling Logging of Spoofed, Source-Routed, & Redirect Packets"
echo "1" >/proc/sys/net/ipv4/conf/eth3/log_martians
echo "eth3: Disabling IP Spoofing"
echo "1" >/proc/sys/net/ipv4/conf/eth3/rp_filter
echo "lo: Disabling Redirects"
echo "0" >/proc/sys/net/ipv4/conf/lo/accept_redirects
echo "lo: Disabling Source Routing"
echo "0" >/proc/sys/net/ipv4/conf/lo/accept_source_route
echo "lo: Enabling Logging of Spoofed, Source-Routed, & Redirect Packets"
echo "1" >/proc/sys/net/ipv4/conf/lo/log_martians
echo "lo: Disabling IP Spoofing"
echo "1" >/proc/sys/net/ipv4/conf/lo/rp_filter
--- end listing ---
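
An added example, not part of the original post or script: one way to carry the listing's values to a different kernel is to write each value only where its file exists, read it back, and report the rest. `SYSCTL_ROOT`, `set_proc` and `harden_ipv4` are names introduced here, and the example goes beyond the listing by applying the per-interface values to every directory under `conf/` instead of to named interfaces.

```shell
#!/bin/sh
# Added example, not part of the original script. SYSCTL_ROOT is an assumption
# introduced here so the logic can be pointed at a scratch directory.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"
APPLIED=0 SKIPPED=0 FAILED=0

# set_proc KEY VALUE: 0 = applied, 1 = file absent on this kernel, 2 = write failed
set_proc() {
    f="$SYSCTL_ROOT/$1"
    if [ ! -e "$f" ]; then
        echo "SKIP  $1 (not present on this kernel)"
        SKIPPED=$((SKIPPED + 1)); return 1
    fi
    # Write, then read back to confirm the kernel kept the value.
    if { echo "$2" >"$f"; } 2>/dev/null && [ "$(cat "$f")" = "$2" ]; then
        echo "OK    $1 = $2"
        APPLIED=$((APPLIED + 1)); return 0
    fi
    echo "FAIL  $1 (wanted $2)"
    FAILED=$((FAILED + 1)); return 2
}

# Apply the listing's values; returns 0 unless a write failed.
harden_ipv4() {
    APPLIED=0 SKIPPED=0 FAILED=0
    # Global keys and values exactly as in the listing.
    for kv in icmp_echo_ignore_broadcasts=1 icmp_ignore_bogus_error_responses=1 \
              icmp_echoreply_rate=100 ip_always_defrag=1 ip_dynaddr=1 \
              tcp_rfc1337=1 tcp_syncookies=1; do
        set_proc "net/ipv4/${kv%%=*}" "${kv#*=}" || :
    done
    # Per-interface keys: walk whatever conf/ holds instead of naming eth0/eth3.
    for dir in "$SYSCTL_ROOT"/net/ipv4/conf/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        for kv in accept_redirects=0 accept_source_route=0 log_martians=1 rp_filter=1; do
            set_proc "net/ipv4/conf/$ifc/${kv%%=*}" "${kv#*=}" || :
        done
    done
    echo "applied=$APPLIED skipped=$SKIPPED failed=$FAILED"
    [ "$FAILED" -eq 0 ]
}

# Touch the live system only when asked to.
if [ "${1:-}" = "--apply" ]; then harden_ipv4; fi
```

Run it with `--apply` as root to write to the live `/proc/sys`; each SKIP line names a setting the running kernel does not expose.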