if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ] then echo -e "\n\tEnable bad error message protection......." echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_ecn ] then echo -e "\n\tDisabling tcp_ecn,please wait..." echo 0 >/proc/sys/net/ipv4/tcp_ecn echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_reordering ] then echo -e "\n\tchangling tcp_reordering,please wait..." echo 0 >/proc/sys/net/ipv4/tcp_reordering echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_wmem ] then echo -e "\n\tchanging tcp_wmem,please wait..." echo "4096 16384 131072" >/proc/sys/net/ipv4/tcp_wmem echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/tcp_rmem ] then echo -e "\n\tchanging tcp_rmem,please wait..." echo "4096 87380 174760" >/proc/sys/net/ipv4/tcp_rmem echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/tcp_mem ] then echo -e "\n\tchanging tcp_mem,please wait..." echo "97280 97792 98304" >/proc/sys/net/ipv4/tcp_mem echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/tcp_adv_win_scale ] then echo -e "\n\tchanging tcp_adv_win_scale,please wait..." echo 2 >/proc/sys/net/ipv4/tcp_adv_win_scale echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/tcp_rfc1337 ] then echo -e "\n\tchanging tcp_rfc1337,please wait..." echo 0 >/proc/sys/net/ipv4/tcp_rfc1337 echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/conf/all/accept_redirects ]
then
echo -e "\n\tDisabing ICMP redirects,please wait...." echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]
then echo -e "\n\tDisabling source routing of packets,please wait...." for i in /proc/sys/net/ipv4/conf/*/accept_source_route
do echo 0 > $i
done echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
fi if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ] then echo -e "\n\tIgnore any broadcast icmp echo requests......" echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/icmp_destunreach_rate ] then echo -e "modify icmp_destunreach_rate and icmp_echoreply_rate.." echo 5 > /proc/sys/net/ipv4/icmp_destunreach_rate echo 5 > /proc/sys/net/ipv4/icmp_echoreply_rate echo 5 > /proc/sys/net/ipv4/icmp_ratelimit echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/bootp_relay ] then echo -e "\n\tDisable the bootp_relay......" echo 0 > /proc/sys/net/ipv4/conf/all/bootp_relay echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi # if [ -e /proc/sys/net/ipv4/tcp_timestamps ] then echo -e "\n\tDisable the tcp_timestamps......" echo 0 > /proc/sys/net/ipv4/tcp_timestamps echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_fin_timeout ] then echo -e "\n\tSetting up tcp_fin_timeout...." echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/tcp_window_scaling ] then echo -e "\n\tDisabling tcp_window_scaling...." echo 0 > /proc/sys/net/ipv4/tcp_window_scaling echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_sack ] then echo -e "\n\tDisabling tcp_sack...." echo 0 > /proc/sys/net/ipv4/tcp_sack echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/tcp_abort_on_overflowe ] then echo -e "\n\t Enabling tcp_abort_on_overflow" echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ] then echo -e "\n\t Enabling icmp_ignore_bogus_error_responses" echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/forwarding ] then echo -e "\n\t disabling forwarding" echo 1 > /proc/sys/net/ipv4/forwarding echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/mc_forwarding ] then echo -e "\n\t disabling mc_forwarding" echo 1 > /proc/sys/net/ipv4/mc_forwarding echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/config/all/log_martians ]
then echo -e "\n\tnot LOG packets with impossible addresses to kernel log...." echo 0 > /proc/sys/net/ipv4/conf/all/log_martians echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi for x in /proc/sys/net/ipv4/conf/*/log_martians; do echo 1 > $x done if [ -e /proc/sys/net/ipv4/conf/all/proxy_arp ] then echo -e "\n\tdisable proxy_arp...." echo 0 > /proc/sys/net/ipv4/conf/all/proxy_arp echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/conf/all/send_redirects ] then echo -e "\n\tdisable send_redirects...." echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi
if [ -e /proc/sys/net/ipv4/conf/all/secure_redirects ] then echo -e "\n\tenable secure_redirects...." echo 1 > /proc/sys/net/ipv4/conf/all/secure_redirects echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
}
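#######################################
# Unload the listed netfilter/iptables kernel modules, best-effort.
# A name is handed to rmmod only when lsmod lists a module with exactly that
# name in its first column. A substring test over the whole lsmod output
# would also fire on longer module names and on the "Used by" column.
# Globals:   MODULE (written; still set to the last name after the loop)
# Arguments: none
# Outputs:   none (rmmod output and errors are discarded)
# Returns:   0, unless the last listed module was found and its rmmod failed
#######################################
unload_module() {
  # NOTE(review): MODULE is not declared local, so it stays visible to the
  # rest of the script — confirm nothing reads it before scoping it.
  # NOTE(review): order kept from the original list; presumably the helper
  # modules come before ip_tables so dependants go first — confirm.
  for MODULE in ipt_TTL iptable_mangle ipt_mark ipt_MARK ipt_MASQUERADE \
    ip_nat_irc ip_nat_ftp ipt_LOG ipt_limit ipt_REJECT ip_conntrack_irc \
    ip_conntrack_ftp ipt_state iptable_nat iptable_filter ip_tables; do
    # Exact match on the module-name column; awk reads all of lsmod's output,
    # so the pipeline does not end early on the first hit.
    if lsmod | awk -v name="$MODULE" '$1 == name { hit = 1 } END { exit !hit }'; then
      # Failures are silent: a module that is still in use stays loaded and
      # nothing is printed. Re-check lsmod afterwards when the caller needs
      # to know the packet-filter modules are really gone.
      rmmod "$MODULE" > /dev/null 2>&1
    fi
  done
}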
load_config() { FW_LOCATE=/etc/firewall if [ ! -e "$FW_LOCATE" ]