From 9640cc70c1fe9118a14dd6d60631d29a8cb6d984 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 12 Aug 2021 22:29:32 +0200
Subject: linux/ipv4: disable log_martians by default

---
 roles/core/base/vars/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'roles/core')

diff --git a/roles/core/base/vars/main.yml b/roles/core/base/vars/main.yml
index 9940d7a6..2312a8b9 100644
--- a/roles/core/base/vars/main.yml
+++ b/roles/core/base/vars/main.yml
@@ -11,9 +11,9 @@ base_sysctl_config:
   net.ipv4.conf.all.rp_filter: 1
   net.ipv4.conf.default.rp_filter: 1
 
-  # Log packets with impossible addresses to kernel log? yes
-  net.ipv4.conf.all.log_martians: 1
-  net.ipv4.conf.default.log_martians: 1
+  # disable logging of packets with impossible addresses
+  net.ipv4.conf.all.log_martians: 0
+  net.ipv4.conf.default.log_martians: 0
 
   # Reduce the surface on SMURF attacks.
   # Make sure to ignore ECHO broadcasts, which are only required in broad network analysis.
-- 
cgit v1.2.3