From 2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf Mon Sep 17 00:00:00 2001 From: Florian La Roche Date: Thu, 7 Oct 2004 11:39:38 +0000 Subject: - disallow source routed packets by default --- ChangeLog | 6 ++++++ initscripts.spec | 5 ++++- sysctl.conf | 3 +++ sysctl.conf.s390 | 3 +++ sysctl.conf.sparc | 3 +++ 5 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4288d203..1acf65f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2004-10-07 Florian La Roche + + * ChangeLog, initscripts.spec: 7.89-1 + + * sysctl.conf*: disallow source routed packets per default + 2004-10-06 Bill Nottingham * ChangeLog, initscripts.spec: 7.88-1 diff --git a/initscripts.spec b/initscripts.spec index 867d0f4c..139e8446 100644 --- a/initscripts.spec +++ b/initscripts.spec @@ -1,6 +1,6 @@ Summary: The inittab file and the /etc/init.d scripts. Name: initscripts -Version: 7.88 +Version: 7.89 License: GPL Group: System Environment/Base Release: 1 @@ -207,6 +207,9 @@ rm -rf $RPM_BUILD_ROOT %ghost %attr(0664,root,utmp) /var/run/utmp %changelog +* Thu Oct 07 2004 Florian La Roche +- change /etc/sysctl.conf to not allow source routed packets per default + * Fri Oct 6 2004 Bill Nottingham - 7.88-1 - fix requires diff --git a/sysctl.conf b/sysctl.conf index 044bf27a..db98922f 100644 --- a/sysctl.conf +++ b/sysctl.conf @@ -9,6 +9,9 @@ net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 +# Do not accept source routing +net.ipv4.conf.default.accept_source_route = 0 + # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 diff --git a/sysctl.conf.s390 b/sysctl.conf.s390 index ef22e8bb..0ddc1d55 100644 --- a/sysctl.conf.s390 +++ b/sysctl.conf.s390 @@ -9,6 +9,9 @@ net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 +# Do not accept source routing +net.ipv4.conf.default.accept_source_route = 0 + # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 diff --git a/sysctl.conf.sparc b/sysctl.conf.sparc index d96eafc3..3fc5c31b 100644 --- a/sysctl.conf.sparc +++ b/sysctl.conf.sparc @@ -9,6 +9,9 @@ net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 +# Do not accept source routing +net.ipv4.conf.default.accept_source_route = 0 + # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 -- cgit v1.2.1