From ae47f6bbd266e995c74eeacade995f4d0be9a340 Mon Sep 17 00:00:00 2001 From: Tastatur Date: Fri, 29 Dec 2023 01:04:48 +0100 Subject: [PATCH] What is a ipv6? --- docs/alpine-desktop-setup/post-install/security.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/docs/alpine-desktop-setup/post-install/security.md b/docs/alpine-desktop-setup/post-install/security.md index c61e58e..d252e0f 100644 --- a/docs/alpine-desktop-setup/post-install/security.md +++ b/docs/alpine-desktop-setup/post-install/security.md @@ -39,7 +39,9 @@ There are a lot of kernel settings which can be passed to the command line to ma cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off module.sig_enforce=1 lockdown=confidentiality mce=0 loglevel=0 iommu=force spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full mds=full l1ft=flush ipv6.disable=1" ``` -After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now. +After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now. + +> Whilst booting up your system you may see sysctl complaining about ipv6 setting. [It's getting worked on](https://git.bijl.us/lnco/documentation/issues/30). ## Sysctl @@ -68,17 +70,11 @@ net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0 -net.ipv6.conf.all.accept_redirects=0 -net.ipv6.conf.default.accept_redirects=0 net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.default.send_redirects=0 net.ipv4.icmp_echo_ignore_all=1 net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0 -net.ipv6.conf.all.accept_source_route=0 -net.ipv6.conf.default.accept_source_route=0 -net.ipv6.conf.all.accept_ra=0 -net.ipv6.conf.default.accept_ra=0 net.ipv4.tcp_sack=0 net.ipv4.tcp_dsack=0 net.ipv4.tcp_fack=0