summaryrefslogtreecommitdiffstats
path: root/nixos/modules/virtualisation/google-compute-config.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/virtualisation/google-compute-config.nix')
-rw-r--r--nixos/modules/virtualisation/google-compute-config.nix10
1 files changed, 2 insertions, 8 deletions
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix
index 5c59188b68b2..79766970c757 100644
--- a/nixos/modules/virtualisation/google-compute-config.nix
+++ b/nixos/modules/virtualisation/google-compute-config.nix
@@ -159,12 +159,6 @@ in
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
- # ignores source-routed packets
- "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
- # ignores source-routed packets
- "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
@@ -186,10 +180,10 @@ in
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
- # reverse path filtering - IP spoofing protection
+ # strict reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
- # reverse path filtering - IP spoofing protection
+ # strict path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-21 19:48:37 +0000