r7777 - in trunk/BOOK/postlfs: filesystems security

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Tue Feb 24 01:53:46 PST 2009


Author: bdubbs
Date: 2009-02-24 02:53:46 -0700 (Tue, 24 Feb 2009)
New Revision: 7777

Modified:
   trunk/BOOK/postlfs/filesystems/reiser.xml
   trunk/BOOK/postlfs/security/firewalling.xml
Log:
Typos and a minor change to firewall script


Modified: trunk/BOOK/postlfs/filesystems/reiser.xml
===================================================================
--- trunk/BOOK/postlfs/filesystems/reiser.xml	2009-02-23 16:00:38 UTC (rev 7776)
+++ trunk/BOOK/postlfs/filesystems/reiser.xml	2009-02-24 09:53:46 UTC (rev 7777)
@@ -5,7 +5,7 @@
   %general-entities;
 
   <!ENTITY reiser-download-http "http://www.kernel.org/pub/linux/utils/fs/reiserfs/reiserfsprogs-&reiser-version;.tar.bz2">
-  <!ENTITY reiser-download-ftp  "&sources-anduin-ftp;/r/reiserfsprogs-&reiser-version;.tar.gz">
+  <!ENTITY reiser-download-ftp  "&sources-anduin-ftp;/r/reiserfsprogs-&reiser-version;.tar.bz2">
   <!ENTITY reiser-md5sum        "0639cefac8f8150536cfa7531c2aa2d2">
   <!ENTITY reiser-size          "320 KB">
   <!ENTITY reiser-buildsize     "9.3 MB">

Modified: trunk/BOOK/postlfs/security/firewalling.xml
===================================================================
--- trunk/BOOK/postlfs/security/firewalling.xml	2009-02-23 16:00:38 UTC (rev 7776)
+++ trunk/BOOK/postlfs/security/firewalling.xml	2009-02-24 09:53:46 UTC (rev 7777)
@@ -196,6 +196,7 @@
 
 # Disable Source Routed Packets
 echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
+echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
 
 # Enable TCP SYN Cookie Protection
 echo 1 > /proc/sys/net/ipv4/tcp_syncookies
@@ -203,15 +204,18 @@
 # Disable ICMP Redirect Acceptance
 echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
 
-# Don¹t send Redirect Messages
+# Don't send Redirect Messages
 echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
+echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
 
 # Drop Spoofed Packets coming in on an interface, where responses
 # would result in the reply going out a different interface.
 echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
+echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
 
 # Log packets with impossible addresses.
 echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
+echo 1 > /proc/sys/net/ipv4/conf/default/log_martians
 
 # be verbose on dynamic ip-addresses  (not needed in case of static IP)
 echo 2 > /proc/sys/net/ipv4/ip_dynaddr




More information about the blfs-book mailing list