sowas is in meinem fw script drin... hab ich natürlich stundenlang bei google gesucht und alles zusammengestellt..
Code:
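# Kernel network tuning for a forwarding firewall host, written straight to
# /proc/sys (needs root; values are lost on reboot).
# The original list wrote three keys twice with different values
# (icmp_ratelimit, conf/all/rp_filter, conf/all/proxy_arp). Only the last write
# ever took effect, so each key is written once here with that effective value.

# Reverse-path filtering against spoofed source addresses: strict mode (1) on
# every entry under conf/, which includes "all" and "default".
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
  [ -e "$f" ] || continue   # glob matched nothing; skip the literal pattern
  echo 1 > "$f"
done

# Memory thresholds (bytes) and lifetime (seconds) for IP fragment reassembly.
echo 262144 > /proc/sys/net/ipv4/ipfrag_high_thresh
echo 196608 > /proc/sys/net/ipv4/ipfrag_low_thresh
echo 30 > /proc/sys/net/ipv4/ipfrag_time

# Retransmissions before TCP asks the network layer to re-check the route.
# NOTE(review): this is not the number of answers to a SYN; SYN-ACK
# retransmissions are controlled by tcp_synack_retries.
echo 3 > /proc/sys/net/ipv4/tcp_retries1

# Retransmissions before an established connection is given up.
echo 15 > /proc/sys/net/ipv4/tcp_retries2

# Do not log bogus ICMP error responses to broadcast frames.
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# TCP timers: start keepalive probes after 1800 s idle, and keep orphaned
# connections in FIN-WAIT-2 for 30 s.
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
# NOTE(review): turning off window scaling and SACK reduces throughput on
# high-latency or lossy links; confirm this trade-off is intended.
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

# Required to enable IPv4 forwarding (routing between interfaces).
echo 1 > /proc/sys/net/ipv4/ip_forward

# Dynamic address rewriting, for links whose IP address changes (dial-up).
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

# SYN cookies: keep answering SYNs when the SYN backlog overflows (SYN flood).
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# ICMP rate limit. The original list wrote 5 first and 1 later; 1 was effective.
# NOTE(review): on current kernels this is the minimum gap in milliseconds
# between rate-limited ICMP messages to one target (default 1000), so 1 is much
# looser than the default. The default icmp_ratemask does not cover echo
# replies, so this value does not limit ping floods. Confirm the intended value.
echo 1 > /proc/sys/net/ipv4/icmp_ratelimit

# Ignore ICMP echo requests sent to broadcast addresses (smurf amplification).
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Refuse source-routed packets.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Do not accept ICMP redirects.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Reverse-path filter on conf/all. The original list wrote 1 and later 2; 2 was
# effective.
# NOTE(review): the kernel uses the maximum of conf/all and the per-interface
# value, so 2 puts every interface in loose mode (the source only has to be
# reachable via some interface) and overrides the strict setting from the loop
# above. Use 1 here if strict filtering is wanted and routing is symmetric.
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

# Proxy ARP off. The original list enabled it first and disabled it later.
echo 0 > /proc/sys/net/ipv4/conf/all/proxy_arp

# Accept ICMP redirects only from gateways in the default gateway list.
echo 1 > /proc/sys/net/ipv4/conf/all/secure_redirects

# Log packets with impossible (martian) source addresses.
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# BOOTP relaying off.
echo 0 > /proc/sys/net/ipv4/conf/all/bootp_relay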