← Back to branch summary

~ubuntu-branches/ubuntu/trusty/ufw/trusty-proposed

~ubuntu-branches/ubuntu/trusty/ufw/trusty-proposed

« back to all changes in this revision

Viewing changes to conf/sysctl.conf

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2010-01-30 09:42:05 UTC
mfrom: (30.1.8 upstream)
Revision ID: james.westby@ubuntu.com-20100130094205-8wsowzipc32k48yy

Tags: 0.29.3-0ubuntu1

https://launchpad.net/bugs/490366

https://launchpad.net/bugs/512131

https://launchpad.net/bugs/488032

https://launchpad.net/bugs/513387

https://launchpad.net/bugs/503039

https://launchpad.net/bugs/488032

* New upstream release. Fixes:
  LP: #490366
  LP: #512131
  LP: #488032
  LP: #513387
* debian/ufw.upstart.ubuntu: start before an interface receives traffic
* debian/postinst: don't sed or chmod a file that doesn't exist
  (LP: #503039)
* debian/after*.rules.md5sum: updated for ucf (added additional sums for
  people using the workaround in LP: #488032)

files removed:
locales/mo/ar.mo

locales/mo/bg.mo

locales/mo/ca.mo

locales/mo/cs.mo

locales/mo/da.mo

locales/mo/de.mo

locales/mo/el.mo

locales/mo/en_AU.mo

locales/mo/en_GB.mo

locales/mo/fi.mo

locales/mo/fr.mo

locales/mo/he.mo

locales/mo/hu.mo

locales/mo/id.mo

locales/mo/it.mo

locales/mo/nb.mo

locales/mo/nl.mo

locales/mo/pl.mo

locales/mo/pt.mo

locales/mo/pt_BR.mo

locales/mo/ru.mo

locales/mo/sk.mo

locales/mo/sl.mo

locales/mo/sr.mo

locales/mo/sv.mo

locales/mo/tl.mo

locales/mo/zh_CN.mo

files modified:
ChangeLog

Makefile

README

conf/after.rules

conf/after6.rules

conf/sysctl.conf

conf/ufw.conf

debian/after.rules.md5sum

debian/after6.rules.md5sum

debian/changelog

debian/postinst

doc/ufw-framework.8

doc/ufw.8

locales/po/ufw.pot

setup.py

src/backend_iptables.py

src/ufw-init-functions

tests/bugs/misc/result

tests/bugs/misc/runtest.sh

tests/good/logging/result

tests/good/logging/runtest.sh

tests/root/bugs/result

tests/root/bugs/runtest.sh

tests/root/live/result

tests/root/live/runtest.sh

tests/root/valid/runtest.sh

tests/root/valid6/runtest.sh

Show diffs side-by-side

added added

removed removed

conf/sysctl.conf

10

10

11

11

# Turn on Source Address Verification in all interfaces to prevent some

12

12

# spoofing attacks

13

net/ipv4/conf/default/rp_filter=1

13

14

net/ipv4/conf/all/rp_filter=1

14

net/ipv4/conf/default/rp_filter=1

15

15

16

16

# Do not accept IP source route packets (we are not a router)

17

net/ipv4/conf/default/accept_source_route=0

17

18

net/ipv4/conf/all/accept_source_route=0

18

net/ipv4/conf/default/accept_source_route=0

19

net/ipv6/conf/default/accept_source_route=0

19

20

net/ipv6/conf/all/accept_source_route=0

20

net/ipv6/conf/default/accept_source_route=0

21

21

22

22

# Disable ICMP redirects. ICMP redirects are rarely used but can be used in

23

23

# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate

24

24

# traffic to those sites.

25

net/ipv4/conf/default/accept_redirects=0

25

26

net/ipv4/conf/all/accept_redirects=0

26

net/ipv4/conf/default/accept_redirects=0

27

net/ipv6/conf/default/accept_redirects=0

27

28

net/ipv6/conf/all/accept_redirects=0

28

net/ipv6/conf/default/accept_redirects=0

29

29

30

30

# Ignore bogus ICMP errors

31

31

net/ipv4/icmp_echo_ignore_broadcasts=1

33

33

net/ipv4/icmp_echo_ignore_all=0

34

34

35

35

# Don't log Martian Packets (impossible packets)

36

net/ipv4/conf/default/log_martians=0

36

37

net/ipv4/conf/all/log_martians=0

37

net/ipv4/conf/default/log_martians=0

38

38

39

39

# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling

40

40

# (http://lkml.org/lkml/2008/2/5/167)

Older »