sowas ist in meinem FW-Script drin... hab ich natürlich stundenlang bei Google gesucht und alles zusammengestellt..

Code:
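    # Kernel network settings for a forwarding IPv4 firewall host. Every write
    # goes to /proc/sys, needs root, and is lost at reboot. Each key is written
    # exactly once so the value that takes effect is visible at a glance.

    # Reverse-path source validation (anti-spoofing) on every interface entry:
    # 1 = strict, 2 = loose. The kernel applies max(conf/all, conf/<iface>),
    # so the value written to conf/all further down decides the effective mode.
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
      [ -e "$f" ] || continue   # glob matched nothing: skip the literal pattern
      echo 1 > "$f"
    done

    # Minimum spacing between rate-limited ICMP replies to one target
    # (milliseconds on current kernels; older kernels counted in jiffies).
    # NOTE(review): 1 is far more permissive than the kernel default of 1000,
    # and echo replies are not in the default icmp_ratemask, so this is not
    # ping-flood protection by itself. Confirm the intended value.
    echo 1 > /proc/sys/net/ipv4/icmp_ratelimit

    # Memory bounds (bytes) and lifetime (seconds) for IP fragment reassembly.
    # The low threshold is written first because some kernels reject a high
    # threshold that is below the current low threshold.
    echo 196608 > /proc/sys/net/ipv4/ipfrag_low_thresh
    echo 262144 > /proc/sys/net/ipv4/ipfrag_high_thresh
    echo 30 > /proc/sys/net/ipv4/ipfrag_time

    # Retransmissions before TCP reports a suspected problem to the network
    # layer. This is not a limit on SYN-ACK replies (that is tcp_synack_retries).
    echo 3 > /proc/sys/net/ipv4/tcp_retries1

    # Retransmissions of unacknowledged data before a connection is dropped.
    echo 15 > /proc/sys/net/ipv4/tcp_retries2

    # Ignore bogus ICMP error responses to broadcast frames (keeps logs clean).
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

    # TCP timers: idle seconds before keepalive probes start, and seconds an
    # orphaned connection may stay in FIN_WAIT_2.
    echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

    # NOTE(review): turning off window scaling and SACK is not a DoS defence.
    # It only affects TCP connections terminated on this host and lowers their
    # throughput and loss recovery. Values kept as found; confirm they are wanted.
    echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_sack

    # Route packets between interfaces. From here on the host is a router, so
    # the packet-filter FORWARD policy must be in place.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Support for dynamically assigned interface addresses (dial-up links).
    echo 1 > /proc/sys/net/ipv4/ip_dynaddr

    # Answer with SYN cookies once the SYN backlog overflows (SYN-flood defence).
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    # Ignore ICMP echo requests sent to broadcast/multicast addresses, so the
    # host cannot be used as a smurf amplifier.
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

    # Drop source-routed packets.
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

    # Do not accept ICMP redirects, which could be used to alter routing.
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

    # Effective reverse-path mode. Because the kernel takes the maximum of
    # conf/all and the per-interface value, this 2 overrides the 1 written in
    # the loop above and puts every interface in loose mode.
    # NOTE(review): loose mode only drops sources that are unreachable through
    # any interface; write 1 here if routing is symmetric and strict
    # anti-spoofing is the goal.
    echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

    # Proxy ARP off in conf/all. An interface still proxies if its own
    # conf/<iface>/proxy_arp is 1, so check per-interface values as well.
    echo 0 > /proc/sys/net/ipv4/conf/all/proxy_arp

    # Where redirects are accepted at all, accept them only from gateways in
    # the default gateway list.
    echo 1 > /proc/sys/net/ipv4/conf/all/secure_redirects

    # Log packets with impossible source addresses (martians).
    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

    # BOOTP relaying off.
    echo 0 > /proc/sys/net/ipv4/conf/all/bootp_relay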