# Disables packet forwarding
net.ipv4.ip_forward = 1

# Enable SYN-cookies: stop a SYN flood
net.ipv4.tcp_syncookies = 1

# Ignore all broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Ignore bogus error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ignore all ICMP ping, et al
net.ipv4.icmp_echo_ignore_all = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Log packets from impossible addresses
net.ipv4.conf.all.log_martians = 1

# Do NOT accept ICMP redirects (redirecting to new gateway)
net.ipv4.conf.all.accept_redirects = 0

# Do NOT generate ICMP redirects
net.ipv4.conf.all.send_redirects = 0

# Do NOT accept source routed packets
net.ipv4.conf.all.accept_source_route = 0

# Enables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1

# Enables the magic-sysrq key
# -- only present in recent Oxygen 2.2.17 kernels
kernel.sysrq = 1