# Disables packet forwarding
net.ipv4.ip_forward = 1
# Use SYN cookies
net.ipv4.tcp_syncookies = 1
# Do selective acknowledgement
net.ipv4.tcp_sack = 1
# Use timestamping
net.ipv4.tcp_timestamps = 1
# Do TCP window scaling
net.ipv4.tcp_window_scaling = 1
# Ignore ICMP broadcast packets
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disable accepting of network route redirects
net.ipv4.conf.all.accept_redirects = 0
# Disable handling of source-routed packets
net.ipv4.conf.all.accept_source_route = 0
# Log packets originating from Mars
net.ipv4.conf.all.log_martians = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Set the range of local ports to use
net.ipv4.ip_local_port_range = 32768 59999
# Disables the magic-sysrq key
kernel.sysrq = 0