Kernel Hack

There are several useful kernel flags you can set to increase your default network security without using iptables. The /proc filesystem is a window into various parts of the Linux kernel. Some of the values in the running kernel are read-only; others may be modified on the fly.

Changes made on the fly do not survive a reboot. Some proc entries have a value of either 0 or 1, while others have character string values.

View current hostname:

cat /proc/sys/kernel/hostname

Change the current hostname instantly:

echo 'newhostname' > /proc/sys/kernel/hostname

Enable IP forwarding (echo 0 disables it):

echo 1 > /proc/sys/net/ipv4/ip_forward

Turn off replies to ICMP echo requests such as ping (echo 0 turns them back on):

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
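
An added example, not part of the original page: a small POSIX shell audit that compares the two network flags above with wanted values and prints the /etc/sysctl.conf lines that keep a setting across a reboot. The PROC_SYS override, the function names, the policy values and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. PROC_SYS is an assumed
# override so the audit can run against a constructed copy of /proc/sys.

# check_flag KEY WANT: compare one flag (dotted sysctl key) with WANT.
check_flag() {
    file="${PROC_SYS:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ ! -r "$file" ]; then
        echo "missing $1"
        return 2
    fi
    have=$(cat "$file")
    if [ "$have" != "$2" ]; then
        echo "drift $1=$have want=$2"
        return 1
    fi
    echo "ok $1=$have"
}

# audit_flags KEY=VALUE...: check every pair; returns 1 if any is off.
audit_flags() {
    rc=0
    for pair in "$@"; do
        check_flag "${pair%%=*}" "${pair#*=}" || rc=1
    done
    return "$rc"
}

# persist_lines KEY=VALUE...: /etc/sysctl.conf lines, applied at boot.
persist_lines() {
    for pair in "$@"; do
        echo "${pair%%=*} = ${pair#*=}"
    done
}

# make_sample_tree DIR: constructed sample input (a router that answers ping).
make_sample_tree() {
    mkdir -p "$1/net/ipv4"
    echo 1 > "$1/net/ipv4/ip_forward"
    echo 0 > "$1/net/ipv4/icmp_echo_ignore_all"
}

# Assumed policy: not a router, no replies to ping.
POLICY="net.ipv4.ip_forward=0 net.ipv4.icmp_echo_ignore_all=1"
case "${1:-}" in
    --live) audit_flags $POLICY || persist_lines $POLICY ;;
    --demo) PROC_SYS=$(mktemp -d); make_sample_tree "$PROC_SYS"
            audit_flags $POLICY || persist_lines $POLICY; rm -rf "$PROC_SYS" ;;
esac
```

Run it with --demo to audit the constructed tree, or with --live to read the running kernel.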



_______________________________________________________________________________

  • Sat Jul 12 16:17:01 CDT 2003
Last modified on 24 November 2010, at 11:48