On Mon, Apr 30, 2012 at 8:34 AM, Dan McGee <dpmcgee@gmail.com> wrote:
On Sat, Apr 28, 2012 at 8:01 PM, Eric Bélanger <snowmaniscool@gmail.com> wrote:
Here's a tentative sysctl.conf : https://dev.archlinux.org/~eric/sysctl.conf that I obtained with the help of Jan and Dave on IRC. The unusefull stuff from the upstream config have been dropped and the rest has been commented out. I've also cleaned the syntax.
I'd change this comment to at least drop the silly ascii smiley face: # makes you vulnerable or not :-) and try to elaborate more, e.g. # if not functioning as a router, there is no need to accept redirects or source routes
And maybe add the corresponding ipv6 settings too, since this is 2012.
Sure. I also got an email from a user who suggested to remove them (the accept_redirects and source_route) as well as the forwarding as they are are turned off by default. What do you think about that? I think we can keep them. The old procps sysctl.conf has the forward option and the redirect is probably a common option too. Eric
-Dan