From 839f2540ac29eceae790ddb21a1fb382859ffb27 Mon Sep 17 00:00:00 2001 From: Saeid Bostandoust <49065072+ssbostan@users.noreply.github.com> Date: Fri, 10 Jan 2020 17:23:29 +0330 Subject: [PATCH] add some kernel configuration --- README.md | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 67 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b41d2d0..ae39088 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,6 @@ ## :ballot_box_with_check: Todo - [ ] Add useful Iptables configuration examples -- [ ] Add useful Kernel Settings (sysctl) configuration examples - [ ] Add links to useful external resources - [ ] Add advanced configuration examples, commands, rules @@ -38,6 +37,7 @@ - [Tools to help you configure Iptables](#tools-to-help-you-configure-iptables) - [Manuals/Howtos/Tutorials](#manualshowtostutorials) +- [Useful Kernel Settings (sysctl) configuration](#useful-kernel-settings-sysctl-configuration) - [How it works?](#how-it-works) - [Iptables Rules](#iptables-rules) * [Saving Rules](#saving-rules) @@ -129,6 +129,72 @@   :small_orange_diamond: Per-IP rate limiting with iptables

+### Kernel Settings (sysctl) Configuration + +```bash +cat << EOF > /etc/sysctl.d/40-custom.conf + +#--------------------------------------------------------------- +# Disable routing triangulation. Respond to queries out +# the same interface, not another. Helps to maintain state +# Also protects against IP spoofing +#--------------------------------------------------------------- + +net/ipv4/conf/all/rp_filter = 1 + + +#--------------------------------------------------------------- +# Enable logging of packets with malformed IP addresses +#--------------------------------------------------------------- + +net/ipv4/conf/all/log_martians = 1 + + +#--------------------------------------------------------------- +# Disable redirects +#--------------------------------------------------------------- + +net/ipv4/conf/all/send_redirects = 0 + + +#--------------------------------------------------------------- +# Disable source routed packets +#--------------------------------------------------------------- + +net/ipv4/conf/all/accept_source_route = 0 + + +#--------------------------------------------------------------- +# Disable acceptance of ICMP redirects +#--------------------------------------------------------------- + +net/ipv4/conf/all/accept_redirects = 0 + + +#--------------------------------------------------------------- +# Turn on protection from Denial of Service (DOS) attacks +#--------------------------------------------------------------- + +net/ipv4/tcp_syncookies = 1 + + +#--------------------------------------------------------------- +# Disable responding to ping broadcasts +#--------------------------------------------------------------- + +net/ipv4/icmp_echo_ignore_broadcasts = 1 + + +#--------------------------------------------------------------- +# Enable IP routing. 
Required if your firewall is protecting a +# network, NAT included +#--------------------------------------------------------------- + +net/ipv4/ip_forward = 1 + +EOF +``` + ### How it works?
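Review bot: the TOC entry added in the second hunk points at `#useful-kernel-settings-sysctl-configuration`, but the heading introduced in the third hunk is `### Kernel Settings (sysctl) Configuration`, which GitHub renders with the anchor `#kernel-settings-sysctl-configuration`, so the new link is dead. Either rename the heading to `### Useful Kernel Settings (sysctl) Configuration` (matching the wording of the removed Todo item and the link text) or change the link target to `#kernel-settings-sysctl-configuration`.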
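Review bot: in the new `40-custom.conf`, `net/ipv4/conf/all/send_redirects = 0` does not by itself stop the host from sending ICMP redirects: the kernel enables sending on an interface if either `conf/all` or `conf/<interface>` is 1, and every existing interface keeps its default of 1. Add `net/ipv4/conf/default/send_redirects = 0` for interfaces created later and set the per-interface keys for the ones that already exist; `accept_redirects` follows the same either/or rule whenever `ip_forward` is 0 (a plain host reusing this file), so give it a `default` line as well. The block is IPv4-only, so the `net/ipv6/conf/all/accept_redirects = 0` and `net/ipv6/conf/all/accept_source_route = 0` counterparts are missing, and the section never tells the reader to load the file afterwards with `sysctl --system` (or `sysctl -p /etc/sysctl.d/40-custom.conf`). Two comment fixes: `rp_filter = 1` is strict mode and drops legitimate traffic on asymmetrically routed multi-homed hosts, where `2` (loose) is the safer default to document, and `tcp_syncookies` mitigates SYN floods specifically rather than "Denial of Service (DOS) attacks" in general.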