From b399c50c2626e99be6880d07975a38a58f6c13b8 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Wed, 30 Nov 2016 16:18:40 +0000
Subject: [PATCH] More ip rules

---
 src/freedombone-utils-firewall | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index c88495b14..1c4c00caa 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -160,6 +160,24 @@ function configure_internet_protocol {
         echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
         echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
     fi
+    if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
+        echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
+    else
+        sed -i "s|#net.ipv4.conf.default.send_redirects.*|net.ipv4.conf.default.send_redirects = 0|g" /etc/sysctl.conf
+        sed -i "s|net.ipv4.conf.default.send_redirects.*|net.ipv4.conf.default.send_redirects = 0|g" /etc/sysctl.conf
+    fi
+    if ! grep -q "net.ipv4.conf.all.secure_redirects" /etc/sysctl.conf; then
+        echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.conf
+    else
+        sed -i "s|#net.ipv4.conf.all.secure_redirects.*|net.ipv4.conf.all.secure_redirects = 0|g" /etc/sysctl.conf
+        sed -i "s|net.ipv4.conf.all.secure_redirects.*|net.ipv4.conf.all.secure_redirects = 0|g" /etc/sysctl.conf
+    fi
+    if ! grep -q "net.ipv4.conf.default.accept_source_route" /etc/sysctl.conf; then
+        echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
+    else
+        sed -i "s|#net.ipv4.conf.default.accept_source_route.*|net.ipv4.conf.default.accept_source_route = 0|g" /etc/sysctl.conf
+        sed -i "s|net.ipv4.conf.default.accept_source_route.*|net.ipv4.conf.default.accept_source_route = 0|g" /etc/sysctl.conf
+    fi
     mark_completed $FUNCNAME
 }
 
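Review bot: In the `else` branch of each of the three added blocks, a key that exists only as `# net.ipv4...` (hash followed by a space) stays commented out: `grep -q` matches it, the first `sed` needs `#net` with no space, and the second, unanchored `sed` rewrites the tail to `= 0` without removing the `#`, so the hardened value is written but never applied. The same unanchored pattern also rewrites any prose comment line that merely mentions the key. Anchoring both the test and the substitution avoids this, e.g. `grep -Eq "^[#[:space:]]*net\.ipv4\.conf\.all\.secure_redirects[[:space:]]*=" /etc/sysctl.conf` with a single `sed -i -E "s|^[#[:space:]]*net\.ipv4\.conf\.all\.secure_redirects[[:space:]]*=.*|net.ipv4.conf.all.secure_redirects = 0|" /etc/sysctl.conf` per key. configure_internet_protocol starts above the hunk, so it is not visible whether the `all.*`/`default.*` counterparts are set or the file is reloaded with `sysctl -p`; that is worth confirming, since `default.send_redirects = 0` on its own leaves `all.send_redirects` at its kernel default.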
-- 
GitLab