diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-08-12 22:29:32 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-08-12 22:29:32 +0200 |
commit | 9640cc70c1fe9118a14dd6d60631d29a8cb6d984 (patch) | |
tree | 64da49b26568468ffc0c3f359b67d319f694196c /roles/core/base | |
parent | add datacop key to ele-mon (diff) |
linux/ipv4: disable log_martians by default
Diffstat (limited to 'roles/core/base')
-rw-r--r-- | roles/core/base/vars/main.yml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/roles/core/base/vars/main.yml b/roles/core/base/vars/main.yml index 9940d7a6..2312a8b9 100644 --- a/roles/core/base/vars/main.yml +++ b/roles/core/base/vars/main.yml @@ -11,9 +11,9 @@ base_sysctl_config: net.ipv4.conf.all.rp_filter: 1 net.ipv4.conf.default.rp_filter: 1 - # Log packets with impossible addresses to kernel log? yes - net.ipv4.conf.all.log_martians: 1 - net.ipv4.conf.default.log_martians: 1 + # disable logging of packets with impossible addresses + net.ipv4.conf.all.log_martians: 0 + net.ipv4.conf.default.log_martians: 0 # Reduce the surface on SMURF attacks. # Make sure to ignore ECHO broadcasts, which are only required in broad network analysis. |