29. Enable always-defragging Protection
Prev Chapter 5. General System Security Next

29. Enable always-defragging Protection

Version 6.1 only

This protection must be enabled if you use your Linux server as a gateway to masquerade internal traffic to the Internet IP Masquerading. 

            [root@deep] /#echo 1 > /proc/sys/net/ipv4/ip_always_defrag

Add the above commands to the /etc/rc.d/rc.local script file and you'll not have to type it again the next time you reboot your system.

Version 6.2 only

Edit the /etc/sysctl.conf file and add the following line: 

            # Enable always defragging Protection
            net.ipv4.ip_always_defrag = 1

You must restart your network for the change to take effect. The command to manually restart the network is the following: 

            [root@deep] /# /etc/rc.d/init.d/network restart
            Setting network parameters	  [  OK  ]
            Bringing up interface lo	  [  OK  ]
            Bringing up interface eth0	  [  OK  ]
            Bringing up interface eth1	  [  OK  ]

Prev Up Next
28. Disable ICMP Redirect Acceptance Home 30. Enable bad error message Protection