iptables (sysctl.conf)
Este arquivo existe nas distros RedHat, deve ficar em /etc, e é uma forma de automatizar o mascaramento (NAT) sem ter que acrescentar nos scripts uma linha como 'echo 1 > /proc/sys/net/ipv4/ip_forward'.
# If active, enablles IPv4 packet forwarding # o parâmetro abaixo deve ser ativado (1) para o mascaramento ser automatico net.ipv4.ip_forward = 1 # If active, enables source route verification net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # If active, enables the magic-sysrq key (alt+sysRq) kernel.sysrq = 1 # If active, logs 'impossible' source addresses net.ipv4.conf.all.log_martians = 1 # If active, rewrites outgoing IP packets if address changes net.ipv4.ip_dynaddr = 0 # If active, ignores ICMP with broadcast destination net.ipv4.icmp_echo_ignore_broadcasts = 1 # If active, accepts IP packets with source route info net.ipv4.conf.all.accept_source_route = 0 # If active, ignores all ICMP requests net.ipv4.icmp_echo_ignore_all = 0 # Mask made of ICMP types for which rates are being limited. # Default: 6168 # Note: 6168 = 0x1818 = 1<<ICMP_DEST_UNREACH + 1<<ICMP_SOURCE_QUENCH + # 1<<ICMP_TIME_EXCEEDED + 1<<ICMP_PARAMETERPROB, which means # dest unreachable (3), source quench (4), time exceeded (11) # and parameter problem (12) ICMP packets are rate limited # (check values in icmp.h) # 6169 also limits echo_reply's net.ipv4.icmp_ratemask = 6169 # ICMP ratelimit, in jiffies # 1 jiffie = 1/100s in Intel, 1/1024s in Alpha net.ipv4.icmp_ratelimit = 100 # If active, uses TCP SYN cookies net.ipv4.tcp_syncookies = 1 # If active, accepts ICMP redirect orders net.ipv4.conf.all.accept_redirects = 0 # rtc setup (you have to load rtc kernel module in /etc/rc.modules # for this work properly.) #dev.rtc.max-user-freq = 1024
