More ip rules

2016-11-30 16:18:40 +00:00 · 2016-11-30 16:18:40 +00:00 · b399c50c26
parent d4c07b2cc8
commit b399c50c26
1 changed files with 18 additions and 0 deletions
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@ -160,6 +160,24 @@ function configure_internet_protocol {
        echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
        echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
    fi
+    if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
+        echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
+    else
+        sed -i "s|#net.ipv4.conf.default.send_redirects.*|net.ipv4.conf.default.send_redirects = 0|g" /etc/sysctl.conf
+        sed -i "s|net.ipv4.conf.default.send_redirects.*|net.ipv4.conf.default.send_redirects = 0|g" /etc/sysctl.conf
+    fi
+    if ! grep -q "net.ipv4.conf.all.secure_redirects" /etc/sysctl.conf; then
+        echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.conf
+    else
+        sed -i "s|#net.ipv4.conf.all.secure_redirects.*|net.ipv4.conf.all.secure_redirects = 0|g" /etc/sysctl.conf
+        sed -i "s|net.ipv4.conf.all.secure_redirects.*|net.ipv4.conf.all.secure_redirects = 0|g" /etc/sysctl.conf
+    fi
+    if ! grep -q "net.ipv4.conf.default.accept_source_route" /etc/sysctl.conf; then
+        echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
+    else
+        sed -i "s|#net.ipv4.conf.default.accept_source_route.*|net.ipv4.conf.default.accept_source_route = 0|g" /etc/sysctl.conf
+        sed -i "s|net.ipv4.conf.default.accept_source_route.*|net.ipv4.conf.default.accept_source_route = 0|g" /etc/sysctl.conf
+    fi
    mark_completed $FUNCNAME
 }