Sophie

Sophie

distrib > Mandriva > current > x86_64 > by-pkgid > 1ce06b7e4b842e06cfa3cf3c00bf6114 > files > 2

ipkungfu-0.6.1-6mdv2010.0.noarch.rpm

# =======================================================================
# $Id: advanced.conf 127 2005-12-08 02:41:56Z trappist $
# =======================================================================

#### Advanced Configuration Options #############################

#############################################################
## Feel free to modify these settings if you know what you ##
## are doing, but most people won't need to mess with this ##
## section. Please read the README and FAQ for more info.  ##
#############################################################

# If you are trying to get an internet game to work 
# through your IP MASQ box, and you have set it up to 
# the best of your ability without it working, try
# enabling this option.  This option is disabled by 
# default due to possible internal machine UDP port 
# scanning vulnerabilities.
# Set to 1 for yes 0 for no
LOOSE_UDP_PATCH=0

# Log spoofed packets coming in on your external interface
# This is not done via iptables, so the logs will be in
# the syslog file for your kernel even if you use ulogd.
LOG_MARTIANS=1

# There is a bug in current (at the time of this release)
# Linux kernels that may allow some packets to leave the
# local network with their original source IP address 
# intact.  This does not pose a significant risk, but by
# default we try to prevent it with this rule by
# disallowing packets whose conntrack state is 'INVALID'
# in the FORWARD chain.  Comment this directive or set it
# to 0 to disable.
MASQUERADE_FIX=1

# From the tcp man page:
# How  many  seconds  to  wait for a final FIN packet
# before the socket  is  forcibly  closed.   This  is
# strictly  a violation of the TCP specification, but
# required to prevent denial-of-service attacks.
FIN_TIMEOUT=30

# The number of seconds after no data has been trans-
# mitted  before  a keep-alive will be sent on a con-
# nection.
TCP_KEEPALIVE=1800

# See rfc 1323
# http://rfc.net/rfc1323.html
TCP_WINDOW_SCALING=1

# See rfc 2018
# http://rfc.net/rfc2018.html
TCP_SACK=0

# man tcp for more info
MAX_SYN_BACKLOG=1280

# man icmp
ICMP_ECHO_IGNORE_BROADCASTS=1

# See http://www.linuxia.de/netfilter.en.html#221
# This setting won't have any effect right now
# since ipkungfu doesn't use the QUEUE target
IP_QUEUE_MAXLEN=2048

# man tcp
TCP_TIMESTAMPS=0

# This option will cause the kernel to drop packets with malformed
# headers, bad checksums, etc.  The default is 0 because it is
# considered experimental and can possible drop legal packets.
DROP_UNCLEAN=0

# You may want to increase this number for servers
SYN_FLOOD=10
SYN_FLOOD_BURST=24

# Support for tcp syn cookies (must be enabled in your
# kernel, check kernel docs for details)
SYN_COOKIES=1

# Uncomment this field to set the TTL for outgoing packets.  This
# helps to foil ISPs (or anyone else) who's trying to determine
# whether this machine is a gateway for other machines on your
# network.
# A too low value will effectively break your internet connection.
# See also:
# http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TTLTARGET
#TTL=126

# By default ipkungfu uses the multiport match from iptables to
# match multiple ports for a number of situations. This is more
# efficient, since a single rule is parsed rather than one for
# each port. If your kernel lacks this functionality, or if you
# need to use more ports than are supported (15), ipkungfu can
# create a rule for each port instead, with some cost to
# efficiency.
ALLOWED_TCP_IN_USE_MULTIPORT=1
ALLOWED_UDP_IN_USE_MULTIPORT=1
DONT_LOG_TCP_USE_MULTIPORT=1
DONT_LOG_UDP_USE_MULTIPORT=1

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional