# /etc/sysctl.conf - Configuration file for setting system variables
  # See sysctl.conf (5) for information. Also see the files under
  # Documentation/sysctl/, Documentation/filesystems/proc.txt, and
  # Documentation/networking/ip-sysctl.txt in the kernel sources 
  # (/usr/src/kernel-$version if you have a kernel-package installed)
  # for more information of the values that can be defined here.
  
  #
  # Be warned that /etc/init.d/procps is executed to set the following
  # variables.  However, after that, /etc/init.d/networking sets some
  # network options with builtin values.  These values may be overridden
  # using /etc/network/options.
  #
  #kernel.domainname = example.com
  
  # Additional settings - adapted from the script contributed
  # by Dariusz Puchala (see below)
  # Ignore ICMP broadcasts
  net/ipv4/icmp_echo_ignore_broadcasts = 1
  #
  # Ignore bogus ICMP errors
  net/ipv4/icmp_ignore_bogus_error_responses = 1
  # 
  # Do not accept ICMP redirects (prevent MITM attacks)
  net/ipv4/conf/all/accept_redirects = 0
  # _or_
  # Accept ICMP redirects only for gateways listed in our default
  # gateway list (enabled by default)
  # net/ipv4/conf/all/secure_redirects = 1
  #
  # Do not send ICMP redirects (we are not a router)
  net/ipv4/conf/all/send_redirects = 0
  #
  # Do not forward IP packets (we are not a router)
  # Note: Make sure that /etc/network/options has 'ip_forward=no'
  net/ipv4/conf/all/forwarding = 0
  #
  # Enable TCP Syn Cookies
  # Note: Make sure that /etc/network/options has 'syncookies=yes'
  net/ipv4/tcp_syncookies = 1
  #
  # Log Martian Packets
  net/ipv4/conf/all/log_martians = 1
  #
  # Turn on Source Address Verification in all interfaces to
  # prevent some spoofing attacks
  # Note: Make sure that /etc/network/options has 'spoofprotect=yes'
  net/ipv4/conf/all/rp_filter = 1
  #
  # Do not accept IP source route packets (we are not a router)
  net/ipv4/conf/all/accept_source_route = 0