aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian La Roche <laroche@redhat.com>2004-10-07 11:39:38 +0000
committerFlorian La Roche <laroche@redhat.com>2004-10-07 11:39:38 +0000
commit2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf (patch)
tree1b4b918f4dcb456d3259d9c277c023aab2fc62e2
parent7bdb783328c85e6af7b18782ead428cdbd5de2de (diff)
downloadinitscripts-2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf.tar
initscripts-2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf.tar.gz
initscripts-2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf.tar.bz2
initscripts-2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf.tar.xz
initscripts-2ce834f6f7fa1d6662b45116dcf12ab5f1888fbf.zip
- disallow source routed packets by defaultr7-89
-rw-r--r--ChangeLog6
-rw-r--r--initscripts.spec5
-rw-r--r--sysctl.conf3
-rw-r--r--sysctl.conf.s3903
-rw-r--r--sysctl.conf.sparc3
5 files changed, 19 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 4288d203..1acf65f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2004-10-07 Florian La Roche <laroche@redhat.com>
+
+ * ChangeLog, initscripts.spec: 7.89-1
+
+ * sysctl.conf*: disallow source routed packets per default
+
2004-10-06 Bill Nottingham <notting@redhat.com>
* ChangeLog, initscripts.spec: 7.88-1
diff --git a/initscripts.spec b/initscripts.spec
index 867d0f4c..139e8446 100644
--- a/initscripts.spec
+++ b/initscripts.spec
@@ -1,6 +1,6 @@
Summary: The inittab file and the /etc/init.d scripts.
Name: initscripts
-Version: 7.88
+Version: 7.89
License: GPL
Group: System Environment/Base
Release: 1
@@ -207,6 +207,9 @@ rm -rf $RPM_BUILD_ROOT
%ghost %attr(0664,root,utmp) /var/run/utmp
%changelog
+* Thu Oct 07 2004 Florian La Roche <Florian.LaRoche@redhat.de>
+- change /etc/sysctl.conf to not allow source routed packets per default
+
* Fri Oct 6 2004 Bill Nottingham <notting@redhat.com> - 7.88-1
- fix requires
diff --git a/sysctl.conf b/sysctl.conf
index 044bf27a..db98922f 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -9,6 +9,9 @@ net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
diff --git a/sysctl.conf.s390 b/sysctl.conf.s390
index ef22e8bb..0ddc1d55 100644
--- a/sysctl.conf.s390
+++ b/sysctl.conf.s390
@@ -9,6 +9,9 @@ net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
diff --git a/sysctl.conf.sparc b/sysctl.conf.sparc
index d96eafc3..3fc5c31b 100644
--- a/sysctl.conf.sparc
+++ b/sysctl.conf.sparc
@@ -9,6 +9,9 @@ net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0