On Mon, 29 Nov 2004 12:40:14 +0100, Ralf Ertzinger wrote:
net.ipv4.conf.all.rp_filter (current: 0, proposed: 1)
1 is already the default in /etc/sysctl.conf although it's set as
net.ipv4.conf.default.rp_filter which should be the right way, as far as I
know. sysctl.conf is part of the "initscripts" package.
net.ipv4.conf.all.accept_redirects (current: 1, proposed: 0)
I don't have an opinon on this one, so for me, it's OK to use the kernel's
default value.
net.ipv4.icmp_echo_ignore_broadcasts (current: 0, proposed: 1)
I actually find it useful that ping broadcasts are allowed, to be able to
quickly see which hosts are up.
net.ipv4.icmp_ignore_bogus_error_responses (current: 0, proposed: 1)
No opinion.
--
Greetings from Troels Arvin, Copenhagen, Denmark