Boh, se blocchi le porte dovresti essere a posto.
Piuttosto, usa righe del genere:
Codice:
# blocco ping verso la macchina (DOS attack)
echo '1' > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo '1' > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo '1' > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# io ce l'ho disabilitato nel kernel, quindi lascio commentata la riga sotto
# echo '1' > /proc/sys/net/ipv4/tcp_syncookies
#---------------------------------------------------------------
# Disable routing triangulation. Respond to queries out
# the same interface, not another. Helps to maintain state
# Also protects against IP spoofing
#---------------------------------------------------------------
echo '1' > /proc/sys/net/ipv4/conf/all/rp_filter
# loggo i pacchetti malformati
echo '1' > /proc/sys/net/ipv4/conf/all/log_martians
echo '0' > /proc/sys/net/ipv4/conf/all/accept_source_route
echo '0' > /proc/sys/net/ipv4/conf/all/accept_redirects
echo '0' > /proc/sys/net/ipv4/conf/all/send_redirects