> _Enable logging of packets with malformed IP addresses._
```bash
cat <<EOF>> /etc/sysctl.d/40-custom.conf
net/ipv4/conf/all/log_martians = 1
EOF
```
- [What is the usefulness of logging of martians packet?](https://serverfault.com/questions/570980/what-is-the-usefulness-of-logging-of-martians-packet-e-g-net-ipv4-conf-all-lo)
##### send_redirects
> _Disables sending of all IPv4 ICMP redirected packets on all interfaces._
- [The system must not accept IPv4 source-routed packets by default.](https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2017-12-08/finding/V-38529)
##### accept_redirects
> _Disable acceptance of ICMP redirects._
```bash
cat <<EOF>> /etc/sysctl.d/40-custom.conf
net/ipv4/conf/all/accept_redirects = 0
EOF
```
- [What are ICMP redirects and should they be blocked?](https://askubuntu.com/questions/118273/what-are-icmp-redirects-and-should-they-be-blocked)
- [The Red Hat Enterprise Linux operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2018-11-28/finding/V-73175)
##### tcp_syncookies
> _Turn on SYN-flood protections (protection from Denial of Service (DOS) attacks)._
```bash
cat <<EOF>> /etc/sysctl.d/40-custom.conf
net/ipv4/tcp_syncookies = 1
EOF
```
- [Hardening your TCP/IP Stack Against SYN Floods](https://www.ndchost.com/wiki/server-administration/hardening-tcpip-syn-flood)
- [Linux: Turn On TCP SYN Cookie Protection](https://www.cyberciti.biz/faq/enable-tcp-syn-cookie-protection/)
- [Better alternative for tcp_syncookies in Linux](https://serverfault.com/questions/705504/better-alternative-for-tcp-syncookies-in-linux)
##### icmp_echo_ignore_broadcasts
> _Disable responding to ping broadcasts._
```bash
cat <<EOF>> /etc/sysctl.d/40-custom.conf
net/ipv4/icmp_echo_ignore_broadcasts = 1
EOF
```
- [What is ICMP broadcast good for?](https://superuser.com/questions/306065/what-is-icmp-broadcast-good-for)
- [The system must not respond to ICMPv4 sent to a broadcast address.](https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2018-11-28/finding/V-38535)
##### ip_forward
> _Enable IP routing. Required if your firewall is protecting a network, NAT included._
```bash
cat <<EOF>> /etc/sysctl.d/40-custom.conf
net/ipv4/ip_forward = 1
EOF
```
- [Introduction to routers](http://linux-training.be/security/ch10.html)
- [How to Enable IP Forwarding in Linux](http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/)
- [What is kernel ip forwarding?](https://unix.stackexchange.com/questions/14056/what-is-kernel-ip-forwarding)